Resubmissions

  • 14/01/2025, 23:37   250114-3maqsstkcs   10
  • 14/01/2025, 23:34   250114-3kd1fatjgv   10
  • 14/01/2025, 23:27   250114-3feq6svngl   10

General

  • Target: lossless scaling.zip
  • Size: 3.5MB
  • Sample: 250114-3kd1fatjgv
  • MD5: 6c87ed78fd187262be3d49889b1dd32b
  • SHA1: 12e581a8ed77d2094928d76cfcbf8540995b1e6d
  • SHA256: 7dcd9d23296c19c7f6a68507770bb6ff559cabcf1253d82a8becc74f0d1d7b47
  • SHA512: b7c180073971c5cd55aa30f0a21a49057f967f87862a53ccd220823619cfe19f92650c5561ff6924eefcb78af152117acfaf25fdd05e42e87547ffe1f64cedfd
  • SSDEEP: 98304:bFotLrw5RAlk44jx4f5af86aO2AFd4Cyc8EAFS2WO:Bo4yEx4f5afbapvZOO

Malware Config

Extracted

  • Family: asyncrat
  • Version: A 14
  • Botnet: Default
  • C2: Egypt2.camdvr.org:301
  • Mutex: MaterxMutex_Egypt2
  • Attributes
      • delay: 3
      • install: false
      • install_folder: %AppData%
  • aes.plain

Targets

  • Target: lossless scaling/Lossless Scaling.exe
    • Size: 155KB
    • MD5: 1bb432c7d79983c0438f9c05d7ab2a42
    • SHA1: fd9d24d6417273c04a046e4da2bd51f6ac287939
    • SHA256: 69c131d4901fb0f0192a2a97fb48012df696c5bd08a38c34e1553a3bdb9942ac
    • SHA512: 1ab2802727c66834e349f79b51847c79c9f340e3b716add2b4ec8c25d3bd1096c3f82596d2efbe57e922945f965aafe72b1bae30d6fcedfd7799595a5ca190ce
    • SSDEEP: 3072:AcjJ6p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:AcjJ6pWTuet1V1hhhhhhhhhhhhhhhhh/
    • AsyncRat: AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.
    • Asyncrat family
    • UAC bypass
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Suspicious use of SetThreadContext

  • Target: lossless scaling/language/en-US/hiberfil.sys
    • Size: 1KB
    • MD5: 98a99e831c54087770d3fd89f2bb9913
    • SHA1: 26754b638106f4e2c3bdff6780c574384a129972
    • SHA256: 92360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44
    • SHA512: cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2
    • Score: 3/10

  • Target: lossless scaling/language/en-US/pagefile.sys
    • Size: 1.7MB
    • MD5: df3362c56b3925e0eb83e0a10fb448c7
    • SHA1: 7b82a4de6af8f15994cfa1f179ebf5e0f302e503
    • SHA256: 1de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3
    • SHA512: 431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785
    • SSDEEP: 49152:bnMeSbStSScWmlrzjQ6bJiZ/9YLgNEz1:b5q2/cxlbKJy1
    • Score: 1/10
