Overview

overview

10

Static

static

3

lossless scaling.zip

windows10-ltsc 2021-x64

1

lossless scaling.zip

windows11-21h2-x64

1

lossless s...ck.bat

windows10-ltsc 2021-x64

10

lossless s...ck.bat

windows11-21h2-x64

10

password 123.txt

windows10-ltsc 2021-x64

1

password 123.txt

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lossless scaling.zip

  • Size

    16.6MB

  • Sample

    250125-mshqlayqh1

  • MD5

    0058b69db2d53fee60ccdd89644409f6

  • SHA1

    71cb66ec0629c4bd8c1e8343a56cfeb10c70e877

  • SHA256

    13a4ee1ad422e22d1b428cb6f9a449bd311ec7f3c8d0d1341a6f7dfaa5d015ea

  • SHA512

    2187b50bc12330327eff3e6b1ff743bf8860ed4e4291bcba188f6faa7ac88865c0eaf94e5b9c033c1f1babb3a00fbaf239a527a52221048a57c9c948e2684f00

  • SSDEEP

    393216:jNLBJPFcd+rf68HlGHLF7gAisqDfagNUTi1yswcTxe7M5vm/hgJ8FGaY:ZzFpBHlGHFgjswi0r13ZeAahu8Fe

Score
10/10
asyncratdefaultdefense_evasiondiscoveryexecutionrattrojan

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

C2

3x3.casacam.net:303

Mutex

MaterxMutex_Egypt2

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      lossless scaling.zip

    • Size

      16.6MB

    • MD5

      0058b69db2d53fee60ccdd89644409f6

    • SHA1

      71cb66ec0629c4bd8c1e8343a56cfeb10c70e877

    • SHA256

      13a4ee1ad422e22d1b428cb6f9a449bd311ec7f3c8d0d1341a6f7dfaa5d015ea

    • SHA512

      2187b50bc12330327eff3e6b1ff743bf8860ed4e4291bcba188f6faa7ac88865c0eaf94e5b9c033c1f1babb3a00fbaf239a527a52221048a57c9c948e2684f00

    • SSDEEP

      393216:jNLBJPFcd+rf68HlGHLF7gAisqDfagNUTi1yswcTxe7M5vm/hgJ8FGaY:ZzFpBHlGHFgjswi0r13ZeAahu8Fe

    Score
    1/10
    behavioral1behavioral2

    • Target

      lossless scaling/Crack.bat

    • Size

      16KB

    • MD5

      1f5ea98d27f9d4dfe7da57a12ab5cfb7

    • SHA1

      2565fb81fe31c17562106ab046f9d8a8f1d0b3c5

    • SHA256

      9dba4747cdba2b31fbbcd2c30ef3c71d2e63ae01a8cd1765d385d065bafa21e5

    • SHA512

      3e35d5d4d2212376eeed7be09aaeb6ed200d644ef50122f586a51f130d027f3e54f7af9bd14ba184a0ffe4a13f4cb4dff9e5da776df24f7b710f665aece3dfe4

    • SSDEEP

      192:wA7T3nY6jgx4v7UHKtg+NS+7iASgon5ydpakLNfW9FATzSdcO7lgtVhwqgc8Z+Co:nya1TwSaerstRGj

    Score
    10/10
    asyncratdefaultdefense_evasiondiscoveryexecutionrattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • UAC bypass

      defense_evasiontrojan

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      password 123.txt

    • Size

      14B

    • MD5

      a244234f5ca1dcc37d963d376440350f

    • SHA1

      8f50bfb83af644d9e5337590a97e5a9880e64cb1

    • SHA256

      81b78580c045f333ab66adc76b42b27613d65cfbe3528dada98f5ae9c0258609

    • SHA512

      0e61e2a548670d297ebab893a45735659d838f4450f7d22643a77b2cc008df830ac7d36e40d46afbd8c31f494b112f9b0a268b14bf4c36eb39f8e47f48b73647

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks