Overview

overview

10

Static

static

3

DiceBot.5.0.4.zip

windows7-x64

7

DiceBot.5.0.4.zip

windows10-2004-x64

1

DiceBot 5.....4.exe

windows7-x64

1

DiceBot 5.....4.exe

windows10-2004-x64

10

DiceBot 5....ox.dll

windows7-x64

1

DiceBot 5....ox.dll

windows10-2004-x64

1

DiceBot 5....nt.dll

windows7-x64

1

DiceBot 5....nt.dll

windows10-2004-x64

1

DiceBot 5....on.dll

windows7-x64

1

DiceBot 5....on.dll

windows10-2004-x64

1

DiceBot 5....PI.dll

windows7-x64

1

DiceBot 5....PI.dll

windows10-2004-x64

1

DiceBot 5....SE.txt

windows7-x64

1

DiceBot 5....SE.txt

windows10-2004-x64

1

DiceBot 5....nt.dll

windows7-x64

1

DiceBot 5....nt.dll

windows10-2004-x64

1

DiceBot 5....in.dll

windows7-x64

1

DiceBot 5....in.dll

windows10-2004-x64

1

DiceBot 5....on.dll

windows7-x64

1

DiceBot 5....on.dll

windows10-2004-x64

1

DiceBot 5....pt.dll

windows7-x64

3

DiceBot 5....pt.dll

windows10-2004-x64

3

DiceBot 5....ua.dll

windows7-x64

1

DiceBot 5....ua.dll

windows10-2004-x64

1

DiceBot 5....ne.dll

windows7-x64

1

DiceBot 5....ne.dll

windows10-2004-x64

1

DiceBot 5....rs.dll

windows7-x64

1

DiceBot 5....rs.dll

windows10-2004-x64

1

DiceBot 5....te.dll

windows7-x64

1

DiceBot 5....te.dll

windows10-2004-x64

1

DiceBot 5....ll.xml

windows7-x64

3

DiceBot 5....ll.xml

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DiceBot.5.0.4.zip

  • Size

    5.4MB

  • Sample

    250104-zszekaypeq

  • MD5

    db9cf9e9e0bc3db99cdf31faef819634

  • SHA1

    99a4cfa8bd2b6a2076959c66c07eb07fb9e56c2f

  • SHA256

    597967017af5b99604f5b8135ba5da3929d447937ef96d6d08750c71b1ad8b57

  • SHA512

    a27a627e97a35a7e6c3bee08ff943cb9574451c924685e8bcd7a935711dcf46d36b82f5ddb24089fedc651c76e5df35d5e2cfc70dc458225a63c2ef09e5f4dd1

  • SSDEEP

    98304:WjXkWcnP6jp841ih8aElTJvggVd+t3Dh/CH/58+OGp9OBP+UNfZCvmN3:WjmSjpB9aqgFt3DhQ/58+OGOlNfYw

Score
10/10
asyncratstakediscoveryexecutionrat

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

Stake

C2

powershellcmd.theworkpc.com:111

Mutex

AsyncMutex_bloxstrap

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DiceBot.5.0.4.zip

    • Size

      5.4MB

    • MD5

      db9cf9e9e0bc3db99cdf31faef819634

    • SHA1

      99a4cfa8bd2b6a2076959c66c07eb07fb9e56c2f

    • SHA256

      597967017af5b99604f5b8135ba5da3929d447937ef96d6d08750c71b1ad8b57

    • SHA512

      a27a627e97a35a7e6c3bee08ff943cb9574451c924685e8bcd7a935711dcf46d36b82f5ddb24089fedc651c76e5df35d5e2cfc70dc458225a63c2ef09e5f4dd1

    • SSDEEP

      98304:WjXkWcnP6jp841ih8aElTJvggVd+t3Dh/CH/58+OGp9OBP+UNfZCvmN3:WjmSjpB9aqgFt3DhQ/58+OGOlNfYw

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      DiceBot 5.0.4/DiceBot 5.0.4.exe

    • Size

      178KB

    • MD5

      109ffbefe8cccafc6db7276baa45be0f

    • SHA1

      df7300d951756013db8b820ce4b4044559fe83d1

    • SHA256

      647de53b1d9e75ec2ff48838924ddd00799d05c0d61af111a842a59621a90f7c

    • SHA512

      13af9f6925cb22bb2b4c644e6737d37e508c1a53677942619c415265e4a9b699769df7406d6409dad5198c428bf66c54cf33490a2b98450546b73a68422793d5

    • SSDEEP

      768:mj+HObZiwMBp7jlP9LWJz9AktYcF2l1x6KOFn60KS:m9bZi7B0QY21xlOFn60KS

    Score
    10/10
    asyncratstakediscoveryexecutionrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      DiceBot 5.0.4/FastColoredTextBox.dll

    • Size

      323KB

    • MD5

      8610f4d3cdc6cc50022feddced9fdaeb

    • SHA1

      4b60b87fd696b02d7fce38325c7adfc9e806f650

    • SHA256

      ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9

    • SHA512

      693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09

    • SSDEEP

      6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO

    Score
    1/10
    behavioral5behavioral6

    • Target

      DiceBot 5.0.4/GraphQL.Client.dll

    • Size

      17KB

    • MD5

      071e547a51cc77113188b082ef38c8b1

    • SHA1

      652cf98166843c6835ec0722b06d2d357d0e29fa

    • SHA256

      99af697a24dd434cd65675f5103f53b4e66b05cab6dbad229414748c0b8a6385

    • SHA512

      2642ed9a13f73b44f8bd56156feac223f96283a3a2b0efcbfa6bdfccc62ef7d96614f300e46f03decd1a87c8377137f1e52ccf5cbd22041c206d65dca184b90e

    • SSDEEP

      192:w6RiB9wb5u/kL+LB/mWqL5uvq3v6V0Wo5pQZkT3lEJwdF/o7hrf97TWxLIb:9Rif+5FyLB/mWqaU6Do5q+EIouxLIb

    Score
    1/10
    behavioral7behavioral8

    • Target

      DiceBot 5.0.4/GraphQL.Common.dll

    • Size

      8KB

    • MD5

      e6645024bc55499a2a08f1066f84fd1f

    • SHA1

      e2b1604f55edac17333502d65acc0bf661c278dd

    • SHA256

      3d52aab740e42357e3de0e8f9345aea5bbf9ea63729657713c307d9f257d893d

    • SHA512

      0ce325a7ba5c27a5e5aa1234da18c36b0b62d1f0e7b0b5f5ff65f932b17be9db90f029c1c2c7a4ef51351dd7e684ac2af450040472a95f0a22592e420707f9c6

    • SSDEEP

      192:Vc8G2P7Hzj3m1LwiYqyOOlNXqMtuAcsP:VXbzzm1LdYhOijulsP

    Score
    1/10
    behavioral10behavioral9

    • Target

      DiceBot 5.0.4/JDCAPI.dll

    • Size

      97KB

    • MD5

      044c8df8c5f052cbd6aa1edf3eb62253

    • SHA1

      f2d4213021b9a88119f4aa731eac2e415db06ff5

    • SHA256

      8cad2b389c90f24d1c7ea682b77a670e1f9ca330c402f62854539eeabf90340c

    • SHA512

      433ad5514bba37415cc5f4c541dc8341acc0f5d59dceb5e001048751066cc3c6353f2fb13ada66de2656485557d353eaee14acd727ccb8c60eca18aeef82f08c

    • SSDEEP

      1536:PW1tzNQIiQBTbtsyvpcveL2T6NmZWROXt4neBvqRi6FVx6ab41EziC:P8zDiQTbRsCmMolcVx6ab5

    Score
    1/10
    behavioral11behavioral12

    • Target

      DiceBot 5.0.4/LICENSE.txt

    • Size

      1KB

    • MD5

      ffd7aa9a22f69969bd1aec3c2a7bf9cc

    • SHA1

      4ce2410948d1154581f9d065152579f3d2ec56c1

    • SHA256

      860578d42d9b0577c5664bf6cfdf99e70c23843abd0786ab70cc981e5d7eed8e

    • SHA512

      93a66cc2cff493aef5617a9ec33ff081296c25f50cae97aafb137e8e94ad937cf30568481cfad51235c267e9f59a5a0d340842b4bf5755151bc31fb27445d8e1

    Score
    1/10
    behavioral13behavioral14

    • Target

      DiceBot 5.0.4/Microsoft.AspNet.SignalR.Client.dll

    • Size

      141KB

    • MD5

      91acb33def86fe9b713ae53fdcec0052

    • SHA1

      ff6bb0be2d31279ce84def431c54049e04633cfe

    • SHA256

      b31faf28ffd5fc9bf6da220daf78aabe4b4a65491e751ada78f2430b8cc70256

    • SHA512

      ab86a3cd6664846e147fad32c1567d76d0a84c98e7a09213d08592607ac8d0590813de15418a57b006b30c5ee49172eedc3ddf0c09eb61df621b7bf48a99e53f

    • SSDEEP

      3072:qs4W+bEW3N4MzBqdBK9SJvO83iXXLXabUhR:8Rd5kdBVOLR

    Score
    1/10
    behavioral15behavioral16

    • Target

      DiceBot 5.0.4/NBitcoin.dll

    • Size

      1.3MB

    • MD5

      dbade819bfa077854d5f3bc508605065

    • SHA1

      1e15c8d75d8a0d5e2adb305960148df41ed651fc

    • SHA256

      d280ad2879172cfb49fe231ad57dc623798e0401a6eb715217b93d6952588143

    • SHA512

      4aa012dae8536ab622314235bf3428550ed5d654c7cd47bf5c9812d9a90d8e89d644cb679c34d2faabee9af3f08bc064d898a841bd628d8d8027fc27d96e2dd9

    • SSDEEP

      24576:kRdbaABbVoLr03mxGfItoLML2LKxJgeWDpf/oX:auStLML2La6eWy

    Score
    1/10
    behavioral17behavioral18

    • Target

      DiceBot 5.0.4/Newtonsoft.Json.dll

    • Size

      647KB

    • MD5

      5afda7c7d4f7085e744c2e7599279db3

    • SHA1

      3a833eb7c6be203f16799d7b7ccd8b8c9d439261

    • SHA256

      f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

    • SHA512

      7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

    • SSDEEP

      6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG

    Score
    1/10
    behavioral19behavioral20

    • Target

      DiceBot 5.0.4/Noesis.Javascript.dll

    • Size

      2.4MB

    • MD5

      147654592923ba1f5cd2733ab1eacc55

    • SHA1

      b91242d9bad3eef396aac97fa8ef22d9a307fbe0

    • SHA256

      7ab4339cda5616752c9889358e54a16756aedf647b88f53b53d2d952505f34c1

    • SHA512

      91926c0678a68ab290530fd44b3d9b2725ba7da5aceb898168b4d5ca264f441a73502ef900cf9bb7f23c39dd832a59caf515308e70fa0d55977e09306c2f4606

    • SSDEEP

      49152:pL6B41WXmqQHB0IX4ldTovhcgaaShOQG1lio1pE6gVDiP8lK4X:l1W+B0IoAcgaaShO/1Il

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      DiceBot 5.0.4/SharpLua.dll

    • Size

      434KB

    • MD5

      0d6ed8dd5ae0c44e9ace60d3d8170fc3

    • SHA1

      8e3985f1962ce9c6cd9b2ee2f294275ca1b74bdf

    • SHA256

      566d60ad776331006cfccb073d3ab6f488b009393e1e7baf9148cef1653f1809

    • SHA512

      0b872695e82012966e81d88cc73c3e025f877667f80e1d0368fdcbdb5bcb0d847acfa85c3ab5a012cd84f70b0b3712ec56617fd685ee6f2592ce95adb37a6c6c

    • SSDEEP

      12288:Q/B24/FHTbxFKDsdKbWR9L4nPCJAONPiYY1OkFpS51CLTvndWMM8NXvg9l4oUfBw:Q/B24/Fzbx3dKbWR7cC

    Score
    1/10
    behavioral23behavioral24

    • Target

      DiceBot 5.0.4/SuperSocket.ClientEngine.dll

    • Size

      41KB

    • MD5

      bbea7769de6a008c3156141c52fdc18e

    • SHA1

      7d9f90e8da62f9834f532e9a0aba54969c14ec28

    • SHA256

      9863a8ca0fd55fdf1de8d64cb89d034fc009a58220d45c5f4f83c6cdd0c5cbfd

    • SHA512

      f7a58cbc5a6bc964d2af1a654a5eaee19bbc818352a9a3547a99952c027dbc67307ccb0987ff1ff6c88850ad322fbea1530bb0172a95636afdf9ff34ab340420

    • SSDEEP

      768:nDGXmBiIOJv2IIXs4UOPhbY+m/rihAt5A8o4/aBS8XpTt/yO0y:nDGXmBiXanx+zehk/WpB/yO0y

    Score
    1/10
    behavioral25behavioral26

    • Target

      DiceBot 5.0.4/System.Buffers.dll

    • Size

      27KB

    • MD5

      775985a0b99bd5b2cf3d231a279660ce

    • SHA1

      6344d49036f0675a7c3c4fe85a6884a52c05d3d1

    • SHA256

      e0dfe400d224dbbe40f22f6c66b995ffc350f4105f57fb587d9c59e911d912be

    • SHA512

      3b94d3f56a2b3c97cbbe8209efc692219fdff7d223dbe3faf0b23a47a39a8f1de0ae9105a496b34017ee02d8101d57df0e325c313c692bf1d66013fdca4c406f

    • SSDEEP

      384:VO/fjRwUI/KxyVvK+6hG6ksWYYWmDRFm0GftpBjSraQHRN70fylDiK/:Vq1MjVlKwDnViwrL08D

    Score
    1/10
    behavioral27behavioral28

    • Target

      DiceBot 5.0.4/System.Data.SQLite.dll

    • Size

      349KB

    • MD5

      b65cedc44ca981b2b57b17535f180796

    • SHA1

      54b234df27a3323d6e9b16c20404d9e4f2ca4fcd

    • SHA256

      7683e2c0c475ab55aef8669b61ba289fcd09a07e7a72ad0f2bb4c7b1c3c38203

    • SHA512

      40d6bff98a23579cd3dbebda7f6ebf3a0e32c98991893664f22a6c46a67e6a420023d967686695e3f18f4126c40698cd5a504fbbc9516ddf00036e739915b60c

    • SSDEEP

      6144:rVyek+6/SQPfRwgPV874Wd7Sj4hUwtirFNFaFeFOFwcGF6cmFWc0FWc8cIcKcUFd:m/veOpFNFaFeFOFwcGF6cmFWc0FWc8cu

    Score
    1/10
    behavioral29behavioral30

    • Target

      DiceBot 5.0.4/System.Data.SQLite.dll.config

    • Size

      736B

    • MD5

      8ab01db32f56322275cbd0864feb5d55

    • SHA1

      cbdb70f5fc04485af0d09ef7484faa7f8b3047bb

    • SHA256

      cde00e0a0f52ed121d52c17338da42ffd9656d4f81a76df2dceda05c88f783ef

    • SHA512

      e52a5e341309bae40a4f69d67226a92dfc42b08d4e815da3a7df7295d68da6dcad8973d32af84f269692bd98634c4657e1394366574f5ec299eb50fa3d1db468

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

asyncratstakediscoveryexecutionrat
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery
Score
3/10

behavioral32

Score
1/10