Overview

overview

10

Static

static

3

AMIRA GENE...05.exe

windows7-x64

10

AMIRA GENE...05.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AMIRA GENERAL TRADING WHOLESALERS-20250204-100384063200005.exe

  • Size

    653KB

  • Sample

    250204-l4mcgsvlhm

  • MD5

    a50c7117de5b0903997f17e7e0fb578a

  • SHA1

    7fd5ed6db6d3c00eaf5f2aac9f19226bb92950e1

  • SHA256

    a00800376b138d0630d4d85572f46e64919750371c670aa677e80af318711ba1

  • SHA512

    203728b58c83c153e54a45376040eb039f89b6d6560a9315ba8d12244761d3b45d9db72ceb95345a623f40222436507ec0b3459057180d86a58186bd812ca844

  • SSDEEP

    12288:AlfGzZ+AqL9cAVdtYuDF2KHmQVuGiIA1WXZL0CeEEjQp8GfLi2YgJ:AlfGzAVBcYjDF2KG0xi1WpL07Elp/LIO

Score
10/10
asyncratguloaderdefaultdiscoverydownloaderpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

109.248.151.171:63393

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      AMIRA GENERAL TRADING WHOLESALERS-20250204-100384063200005.exe

    • Size

      653KB

    • MD5

      a50c7117de5b0903997f17e7e0fb578a

    • SHA1

      7fd5ed6db6d3c00eaf5f2aac9f19226bb92950e1

    • SHA256

      a00800376b138d0630d4d85572f46e64919750371c670aa677e80af318711ba1

    • SHA512

      203728b58c83c153e54a45376040eb039f89b6d6560a9315ba8d12244761d3b45d9db72ceb95345a623f40222436507ec0b3459057180d86a58186bd812ca844

    • SSDEEP

      12288:AlfGzZ+AqL9cAVdtYuDF2KHmQVuGiIA1WXZL0CeEEjQp8GfLi2YgJ:AlfGzAVBcYjDF2KG0xi1WpL07Elp/LIO

    Score
    10/10
    asyncratguloaderdefaultdiscoverydownloaderpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      e23600029d1b09bdb1d422fb4e46f5a6

    • SHA1

      5d64a2f6a257a98a689a3db9a087a0fd5f180096

    • SHA256

      7342b73593b3aa1b15e3731bfb1afd1961802a5c66343bac9a2c737ee94f4e38

    • SHA512

      c971f513142633ce0e6ec6a04c754a286da8016563dab368c3fac83aef81fa3e9df1003c4b63d00a46351a9d18eaa7ae7645caef172e5e1d6e29123ab864e7ac

    • SSDEEP

      192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks