General
Target: 0lXGBz7ZMe.exe
Size: 74KB
Sample: 250315-qdd1mst1dz
MD5: 484c9d7582a74eb6fac05b9c7e4eac44
SHA1: de1bce03ce38f32866ee0f545c1a7d94748ee7cf
SHA256: fb0569e9a61a133ef7382181966c3bd3e21bc32d078804edbe1eea80cde43af4
SHA512: 90aaf9c27267ab318ac7d7e845678c6bf742ebadf7d785d0a03cdb9fd3abd0fbb866a5672ee0da4ffd04345192e2f49d24e0d8ab502a31ba790929f9a00dee22
SSDEEP: 1536:9UpGcx5NVCQkPMV+O9VdQuDI6H1bf/BMO5QyQzcBLVclN:9Uscx5zTkPMV+O9VdQsH1bficQyQYBY
Behavioral task: behavioral1
Sample: 0lXGBz7ZMe.exe
Resource: win7-20250207-en
Malware Config
Extracted family: asyncrat
Controller: Default
  20.206.204.9:4449
  ammmjprqjnqswrieh
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 0lXGBz7ZMe.exe
Size: 74KB
MD5: 484c9d7582a74eb6fac05b9c7e4eac44
SHA1: de1bce03ce38f32866ee0f545c1a7d94748ee7cf
SHA256: fb0569e9a61a133ef7382181966c3bd3e21bc32d078804edbe1eea80cde43af4
SHA512: 90aaf9c27267ab318ac7d7e845678c6bf742ebadf7d785d0a03cdb9fd3abd0fbb866a5672ee0da4ffd04345192e2f49d24e0d8ab502a31ba790929f9a00dee22
SSDEEP: 1536:9UpGcx5NVCQkPMV+O9VdQuDI6H1bf/BMO5QyQzcBLVclN:9Uscx5zTkPMV+O9VdQsH1bficQyQYBY
Signatures
- Asyncrat family
- Modifies Windows Defender Real-time Protection settings
- StormKitty payload
- Stormkitty family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- UAC bypass
- Venomrat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (2)
    Windows Service (2)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (4)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)