General

  • Target

    Szsmegs_LetThereBeCarnage_signed.exe

  • Size

    176KB

  • Sample

    241023-1ynexs1gmf

  • MD5

    54b7712e77bfd017f765162d14fc58d6

  • SHA1

    00bd83549c77e4ac889d12b807fdb913ec605d3b

  • SHA256

    f4f0b8b2821e83ede86112c5b372c631ac57713a65b00388b3ccbec19b135a99

  • SHA512

    90ae2f06cf04bef6db48801b0f09da756a39a6c6f633e19c1a7255bf739c0671d0f0869e4212806c2f0a6aa3b33e49bde35a4ff19fa009d84c82b9cdb108a1f9

  • SSDEEP

    3072:Mc3nDSJodfX43Rw/wPAQ9bwdTEP+EcZaUmSBPU9D9Szx:jD0RUCAQ9bqT6+EhUlsEV

Malware Config

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15

Tasks