General

  • Target

    HPConvertVideo.7z

  • Size

    1.1MB

  • Sample

    250113-3a7vrszpg1

  • MD5

    5613dee04e17740dab75c7b5f1a391b0

  • SHA1

    b7934decb0438457fc374ad370f34f835955ea64

  • SHA256

    c7154824e731ce67f505e5ef8f6d7b28fc15fa3997850db70141911caf4ce1a5

  • SHA512

    bbe078acbbef762d6f5577e0933be9ea930387f60b5715b772cf3d40f8780656578a25d0d085aa0635f68892fdb4c1d372ab3fa145018f8f0aea773c7ac758fc

  • SSDEEP

    24576:i7ulcWqZpoJw7BJ4LOc7PZu5mQbMVUH6whSXq5oN3zaH:i17ZpoJwf4LOc7g8QbM2awhSXTK

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    Solo-Domi-Oros

  • C2

    procesosespeciales855.casacam.net:8853

  • Mutex

    DcRatMutex_qwqdanchun

  • Attributes

      • delay

        1

      • install

        false

      • install_folder

        %AppData%

  • aes.plain

Targets

    • Target

      HPConvertVideo.exe

    • Size

      943.7MB

    • MD5

      b3c0d55ae638cef0a8d078d6dbf587ad

    • SHA1

      673c2b0ecc3737f8caa309c2b662770512373684

    • SHA256

      2529468d09b4984c8992ce992372e0945738749cda6555e58dfea668cf45de9b

    • SHA512

      5c573e06c563ef4c3d5f97357c57b7e4bf258758a41b0e359fa4dcc3b37efe0365a6290f005929a97f38aa26d70a1b907adef191fc48a183e88ce33658f62f48

    • SSDEEP

      49152:+LJwSihjOb6GLb4SKEs3DyOMCZ+Ut0+yO3A32AS+TvunIWjo0P66Ps193n7/k458:awSi0b67zeCZt0+yO3kSJBv9

    • AsyncRat

      AsyncRAT is an open-source remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
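The extracted configuration (C2 host and port, mutex, install flag and folder) and the behavioural signatures above (Run key persistence) are the indicators a responder would sweep for. The following is an added example, not part of the sandbox output: a small matcher that runs the report's indicators over endpoint telemetry. The telemetry lines are constructed here in a Sysmon-like "type key=value" shape and are not from the sample's actual run; the event type names, the PIDs and the IP addresses are assumptions. Because the C2 is a hostname rather than an address, the matcher correlates the DNS answer observed in the telemetry with the later outbound connection instead of hard-coding an IP, and it flags a port-8853 connection only when the destination is one the C2 name actually resolved to. The persistence check is not gated on the config's install=false, since the sandbox reported a Run key write regardless.

```python
"""Match the AsyncRAT indicators from this report against telemetry lines.

Added example for this report, not sandbox output. CONFIG values come from
the "Malware Config" section; SAMPLE_EVENTS is CONSTRUCTED test data.
"""

# Extracted configuration, copied from the report above.
CONFIG = {
    "family": "asyncrat",
    "c2_host": "procesosespeciales855.casacam.net",
    "c2_port": 8853,
    "mutex": "DcRatMutex_qwqdanchun",
    "install": False,
    "install_folder": "%AppData%",
}

# Constructed telemetry (assumed format: "<type> key=value ..."; no spaces in
# values). PIDs, paths and the RFC 5737 test addresses are made up. The last
# two lines are a deliberate decoy: an unrelated process talking to port 8853
# on a host the C2 name never resolved to must NOT be flagged.
SAMPLE_EVENTS = r"""
process_create pid=4120 image=C:\Users\victim\Desktop\HPConvertVideo.exe
mutex_create pid=4120 name=\Sessions\1\BaseNamedObjects\DcRatMutex_qwqdanchun
registry_set pid=4120 key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HPConvertVideo data=C:\Users\victim\AppData\Roaming\HPConvertVideo.exe
dns_query pid=4120 query=procesosespeciales855.casacam.net result=203.0.113.17
network_connect pid=4120 dst=203.0.113.17 dport=8853 proto=tcp
network_connect pid=4120 dst=203.0.113.17 dport=443 proto=tcp
dns_query pid=2200 query=update.example.test result=198.51.100.5
network_connect pid=2200 dst=198.51.100.5 dport=8853 proto=tcp
"""

RUN_KEY_MARKER = "\\currentversion\\run\\"  # HKCU/HKLM ...\CurrentVersion\Run\<name>


def parse_event(line):
    """Turn one 'type k=v k=v' line into a dict; None for blank lines."""
    parts = line.split()
    if not parts:
        return None
    event = {"type": parts[0]}
    for token in parts[1:]:
        key, _, value = token.partition("=")
        event[key] = value
    return event


def match_indicators(events, config):
    """Return (rule, pid, detail) findings for events that match the config.

    Events are processed in order, so a DNS answer for the C2 hostname must
    appear before the connection it explains; the resolved addresses are
    collected from the telemetry itself rather than hard-coded.
    """
    findings = []
    c2_host = config["c2_host"].lower()
    c2_port = str(config["c2_port"])
    c2_ips = set()  # addresses the C2 hostname resolved to in THIS telemetry

    for ev in events:
        kind, pid = ev["type"], ev.get("pid", "?")
        if kind == "mutex_create":
            # Compare only the leaf name; session/namespace prefixes vary.
            if ev.get("name", "").split("\\")[-1] == config["mutex"]:
                findings.append(("asyncrat_mutex", pid, ev["name"]))
        elif kind == "dns_query":
            if ev.get("query", "").lower() == c2_host:
                c2_ips.add(ev.get("result", ""))
                findings.append(("c2_dns_lookup", pid, ev["query"]))
        elif kind == "network_connect":
            # Port alone is a weak indicator; require a C2-resolved address too.
            if ev.get("dst") in c2_ips and ev.get("dport") == c2_port:
                findings.append(("c2_connect", pid, f"{ev['dst']}:{ev['dport']}"))
        elif kind == "registry_set":
            if RUN_KEY_MARKER in ev.get("key", "").lower():
                findings.append(("run_key_persistence", pid, ev.get("data", "")))
    return findings


def analyze(text=SAMPLE_EVENTS, config=CONFIG):
    """Parse a telemetry blob and return the list of findings."""
    events = [e for e in map(parse_event, text.splitlines()) if e]
    return match_indicators(events, config)


if __name__ == "__main__":
    for rule, pid, detail in analyze():
        print(f"{rule:22} pid={pid:6} {detail}")
```

Run stand-alone, the block reports four findings, all for PID 4120 (mutex, Run key, C2 lookup, C2 connection), and nothing for the decoy process on port 8853. To use it on real data, replace SAMPLE_EVENTS with telemetry normalised to the same "type key=value" shape, or adapt parse_event to the source's own format.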

MITRE ATT&CK Enterprise v15

Tasks