Overview

overview

10

Static

static

3

new.rar

windows7-x64

1

new.rar

windows10-2004-x64

1

Drivers.Bu...an.log

windows7-x64

1

Drivers.Bu...an.log

windows10-2004-x64

1

Drivers.exe

windows7-x64

10

Drivers.exe

windows10-2004-x64

10

Drivers.exe.recipe

windows7-x64

3

Drivers.exe.recipe

windows10-2004-x64

3

Drivers.iobj

windows7-x64

3

Drivers.iobj

windows10-2004-x64

3

Drivers.ipdb

windows7-x64

3

Drivers.ipdb

windows10-2004-x64

3

Drivers.log

windows7-x64

1

Drivers.log

windows10-2004-x64

1

Drivers.obj

windows7-x64

3

Drivers.obj

windows10-2004-x64

3

Drivers.pdb

windows7-x64

3

Drivers.pdb

windows10-2004-x64

3

Drivers.tl...1.tlog

windows7-x64

3

Drivers.tl...1.tlog

windows10-2004-x64

3

Drivers.tl...1.tlog

windows7-x64

3

Drivers.tl...1.tlog

windows10-2004-x64

3

Drivers.tl...1.tlog

windows7-x64

3

Drivers.tl...1.tlog

windows10-2004-x64

3

Drivers.tl...s.tlog

windows7-x64

3

Drivers.tl...s.tlog

windows10-2004-x64

3

Drivers.tl...dstate

windows7-x64

3

Drivers.tl...dstate

windows10-2004-x64

3

Drivers.tl...1.tlog

windows7-x64

3

Drivers.tl...1.tlog

windows10-2004-x64

3

Drivers.tl...1.tlog

windows7-x64

3

Drivers.tl...1.tlog

windows10-2004-x64

3

Resubmissions

13/01/2025, 00:07

250113-aet59aymcl 3

11/01/2025, 23:31

250111-3h1resxjcl 10

11/01/2025, 23:29

250111-3g1p2awrgr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new.rar

  • Size

    410KB

  • Sample

    250111-3g1p2awrgr

  • MD5

    c572d170d5e25b24adf34894889dc062

  • SHA1

    3749e822ecee526adc6dfb90e4efaf869cb166c5

  • SHA256

    80a014e40493d25ab26964e06ee2c8c885bb8c70d549d1eacd6fb2626cd9a9f5

  • SHA512

    03b93d6a609daf825da2ef2c61f680fa3e4aa44b92ed47fac205bfa939c6929bb82d7047d3ab22f6e2d8dd9fd6ce3bbc4d3e30cd559ce45014095297db33a47b

  • SSDEEP

    12288:AQ+Ixt+pBkED/pZP6ov9jSuJwsiMyuKEboMpdoJnGjopKmBX:AQ+o8BkE7riovhSuJ3iWK3IEG3i

Score
10/10
asyncratdefaultdiscoveryevasionrattrojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

136.243.175.182:7777

Mutex

9HD6aMtS9FtK

Attributes
  • delay

    3

  • install

    true

  • install_file

    Runtime Broker.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      new.rar

    • Size

      410KB

    • MD5

      c572d170d5e25b24adf34894889dc062

    • SHA1

      3749e822ecee526adc6dfb90e4efaf869cb166c5

    • SHA256

      80a014e40493d25ab26964e06ee2c8c885bb8c70d549d1eacd6fb2626cd9a9f5

    • SHA512

      03b93d6a609daf825da2ef2c61f680fa3e4aa44b92ed47fac205bfa939c6929bb82d7047d3ab22f6e2d8dd9fd6ce3bbc4d3e30cd559ce45014095297db33a47b

    • SSDEEP

      12288:AQ+Ixt+pBkED/pZP6ov9jSuJwsiMyuKEboMpdoJnGjopKmBX:AQ+o8BkE7riovhSuJ3iWK3IEG3i

    Score
    1/10
    behavioral1behavioral2

    • Target

      Drivers.Build.CppClean.log

    • Size

      1KB

    • MD5

      8e28152fb1a12701f26161e1258fba3e

    • SHA1

      64248ea7602e75d4ceb413a763975bb28940ffab

    • SHA256

      395181904a6551a59a5ba25bbd26d9e4c91cf5b87c204a441a81bdc4d994213a

    • SHA512

      b4ba64abfaf2de8b55a7aa7fd180afb524753ef032ca1c007ebcd9241af1fb2ad2ce43ef179d054a3e0826d23da934479768173ad566d2c9cfc4c1e7bf744b98

    Score
    1/10
    behavioral3behavioral4

    • Target

      Drivers.exe

    • Size

      21KB

    • MD5

      3dbe554d99db5921c2869df9745b32be

    • SHA1

      ec61ad96e9848de6e55121c8acd8be6221cc204b

    • SHA256

      70b2d5ddb11d58b8a53d0fdc74259241057812e4dfc21a03b937a320e290d822

    • SHA512

      6e752d09c1c214bd73f5295eb6ff65eb324d123a57de4ae5516b972f9ec3208e962aca9089f9ef6b91ca3c9394d5c6fd68e806012e9b4aff3f9277b3ee8cd6cc

    • SSDEEP

      384:vTRQmNZSqP8MyoXKQmXNQltXpQyXlQx/uoOQtGQmXE9RrA5iXNjd2Ht5rkFJ0Wqx:WlOq2tzclrldjdKkFJCVA3g

    Score
    10/10
    asyncratdefaultdiscoveryevasionrattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Async RAT payload

      rat

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5behavioral6

    • Target

      Drivers.exe.recipe

    • Size

      302B

    • MD5

      a498f65d40e133b2d4bb62a6cf163cd2

    • SHA1

      65de339bb627c7c131d8811f9fcad897a1c2ed38

    • SHA256

      05a270acf98bd7047004726bc16e89e5a5cd8d8b2d0560cb150bfe11c741176c

    • SHA512

      c10d43eb26e307e54d4a6139e60ac879551bd2b1e8b959a208222e1120ede9871e551b12dc9ea8b64735eb01b7f5b3bf2a53696e04822c6ce099f20d7c3e4b6b

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      Drivers.iobj

    • Size

      224KB

    • MD5

      fb73825f7e787eb0bca7b5aea35c2365

    • SHA1

      14bb77d576be5c20bd777ed520880a482fb207ef

    • SHA256

      af35412bc71bd9e8a0777097b31d6e3b8894775603496a3a2f059e31731437ad

    • SHA512

      943a38168bedd893846fd89a82103f63695f9a0bfdd8067d13d77c02766ee86efe730292efe54cb553cf6886e212ad5d9f54f32f5030c6fa0bf71826ebab2c75

    • SSDEEP

      3072:+TnrRKIe2yfR/HNXy6QGMwFgz5/B7aa1+ZF:+pHe2K1i6vM2gDaa1U

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      Drivers.ipdb

    • Size

      96KB

    • MD5

      2ad567a0af0d5838fb21b4091e689d6c

    • SHA1

      4d328bf5ec3672c58f974fc2585c4168cd7a5c04

    • SHA256

      e867e61d201d10ea19fdceec1cadcfa69e1986383dd9af9c74c1d56ed55ecec5

    • SHA512

      627ed77077875da170d7659ed5186cbeeb8dce8b1e9feea3f9f8672e540efd6dfd5de2367bfc26f3cf6c573c33b989b38ac80526d45445a51464fdbb635859bf

    • SSDEEP

      768:hLGuuuxoIQBYPYys1OVeV1rkMrxKrK3QB/GJLFzBnmnIonfG7NzDHSASTSGHW5:4uuuxoF2AxMMrNgB/GjUlOcW5

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      Drivers.log

    • Size

      306B

    • MD5

      269d2b54e332f78067ecce8a6f6d6bc8

    • SHA1

      f78deabf1238c8cb4c760e95c0fd1390bbe6993a

    • SHA256

      f0f2620e5d2631ff449b4515191ac996e67671e8f6f8bd1d73e9255cb75b6732

    • SHA512

      5751d86cdf9d15c6403d1f73e1aa4be87fbfdeb48d6e455d11e331ea4e9e4cc6131f5c4e4442e5ea85fa1ee93257348f6c97ce51f4df0e78de9d0a0e11dc1216

    Score
    1/10
    behavioral13behavioral14

    • Target

      Drivers.obj

    • Size

      616KB

    • MD5

      1dcde9060a3e93a3f40fe0fd2e8b5687

    • SHA1

      b71c24147af3bdaf462c855074d725d2f330ac0b

    • SHA256

      bf7ed4afd7e4c57dea1d89975c831fe62f8db13a528ac21888af62dfae2c73b8

    • SHA512

      71b0864ba287ef23ccc07be53ef2558ff13cca8ca4b070415e19ead0cc5d12ac3e3eaced7688dd40c4d9d7f5c9517903bbde8831fd6498bef22cc4527a461579

    • SSDEEP

      12288:pkGZ54R51Wl0KkTNupK3EOrgvZAcp+PK54nJK:pkGvWFNus3GV+PK54nQ

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      Drivers.pdb

    • Size

      876KB

    • MD5

      7f1edeef84354410614e847d22eba2d2

    • SHA1

      a464c401d8d026d5b96250391b0401e4958f9b92

    • SHA256

      113ee5b1c32c5eb6c5343d590f8dc85d703ea35204cd6547e3cdd8318e6251ff

    • SHA512

      0c645a4ba792070366ccd71ddbf2c578b64ec6ab0a9ae170287c0b5759c3d6714193b36f410eff016707aae2b393eed6f7fe380a31b83f2ba6858f4a1a88d8f0

    • SSDEEP

      6144:8VOZHD9HY4fTqKc06LyVYJu5fALoUKrFcEPHMfHDhMWeqdFvSs+W20xT3wgNAOCl:80ZrOvaSIjDf00IT

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      Drivers.tlog/CL.command.1.tlog

    • Size

      754B

    • MD5

      8ae312d04301e154b1203cafe396a3c9

    • SHA1

      d6727d0112fb9a6c26de5caa6125199fc7ac6e8f

    • SHA256

      3d4509945cf9ad322bae7f7453dc7d80b92d1404f2169949cc661349c2f039a1

    • SHA512

      9df188339c347a463361a8113104d325f754196329e66ee2831ec2c7d8730bec4c6158c1007ee4f9e673f01ca6e6159de95518ccc9ecf828707868174364171c

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      Drivers.tlog/CL.read.1.tlog

    • Size

      37KB

    • MD5

      540800b6faee0f47d6a3b10b6d922f23

    • SHA1

      3967e534bbfa085628e5bcde3fd5ac1c3f5c0bea

    • SHA256

      f268463fdc5d6124b54c8712fce2ffb3b1d0d6e2c8bb19538b2942e16416eda8

    • SHA512

      92635ae853db82d130ef9d123e38fdbf4a76ec16954df9e5aaa4fb06650b4de7f622a17d73601493edc10fcba4ec1ea01e9745dafd6a3e2e956df5efe870eeb3

    • SSDEEP

      768:TOGFKvHUg2P1KvRF34iGo+FNEkcg7JEkE2faXuFM61u5iGa1do:TOGFKvHx2P1KvRF34iGo+FNEkcg7JEki

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      Drivers.tlog/CL.write.1.tlog

    • Size

      390B

    • MD5

      9af259f01b2f761b1e56780e2bf20482

    • SHA1

      8ecc884b63a834bff20462d7e399ea19ed198711

    • SHA256

      f7ca65ae9cb4373bbbcdd7165e91566f2dc9392dcef3bb20c2c32fd0eb1b0c41

    • SHA512

      02b925108d01b69ff7d58f15acdd698b85c0d09eff646574b4a922413f3c8616719d83cce5ce5e740b82b71810f8831fa1259f67abfdd488b222063890ab2ffa

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      Drivers.tlog/Cl.items.tlog

    • Size

      125B

    • MD5

      9a654cd551a26175a76b3d55af181969

    • SHA1

      4d31e2278074f1dc40f45d10585ce5c227fe2e67

    • SHA256

      23f96c6d53083bffc25dc06a7a36a5ebe22d63873523797de0bd90e47f98fcbd

    • SHA512

      d01528393ba67a1bc93f40d6e8da646c08435ae102c96d7f9fc749767738dbf538531d5a7fc41262fa175067dd989c7755ad65f2f3f5b95697f3928e99b5ee14

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      Drivers.tlog/Drivers.lastbuildstate

    • Size

      167B

    • MD5

      1da763b09627ca75aa1b03c0a47e2c0a

    • SHA1

      d71905fe39afaa807f9c04e4f3fc2dc7481e9592

    • SHA256

      d93140886a4169498608e81e7087272b2950b439d66e0a7ab7ba96b18d51d929

    • SHA512

      15b45748b6d60ce95fe0e6a1cfc8eb46ac815b82acdd408c770da4ccbe8e9792d8b1da6dda4e9a63659de549fdbb082db0e16eef2967e7816754c5dfeddf6242

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      Drivers.tlog/link.command.1.tlog

    • Size

      1KB

    • MD5

      e4cb4b239e1add37d0e07c02a81561c2

    • SHA1

      de0f46b6173f37d8b37ab62d2732f97e9be0d867

    • SHA256

      83ddc68deb107edc2c7340e6cb9f0ab253a0973d1ab7c92f6979fa3513ca1f16

    • SHA512

      d86fe07e8dbe4d1b38e63a9d0494d05850f49b0de65d57e599b9a6e82e73c0fe722350f10836b45efdde6aa2f86b20dbdcace817f18ec680d218a6bd69c8d08e

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      Drivers.tlog/link.read.1.tlog

    • Size

      4KB

    • MD5

      ef618f00f5bac455e092d710da911f87

    • SHA1

      06568341a4f4bc9ace00d2f87f8ddc90c6e2fd46

    • SHA256

      35254474c4d8503c9c08e48e20bd4aa81e33a1d60517d1131454b9cc7ae2942d

    • SHA512

      905f8cf985f4d462aeb7d56064a6a5d39c3340251bb94de71f33538c6254a9dd3788497996081590f26b78700e91414f130a6bde04d2e5ab1f985303f5b17e2a

    • SSDEEP

      96:nMwtAZl9tY1dtPpGe7Rrmsjo6D98rsjsaKW:nrge9lgaKW

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

asyncratdefaultdiscoveryevasionrattrojan
Score
10/10

behavioral6

asyncratdefaultdiscoveryevasionrattrojan
Score
10/10

behavioral7

discovery
Score
3/10

behavioral8

Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery
Score
3/10

behavioral16

Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

Score
3/10