Analysis
-
max time kernel
481s -
max time network
491s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
01-07-2024 17:19
Behavioral task
behavioral1
Sample
Asteroid + Injector 24.5.2.zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
AsteroidPC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Sources/injector.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Sources/read me.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
injector.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
injector.pyc
Resource
win10v2004-20240611-en
General
-
Target
Sources/injector.py
-
Size
2KB
-
MD5
227b4fc4e67f796b76d444142a14686a
-
SHA1
7406c13fea21f5bc69d337fa4f470ab6f9a5ac9e
-
SHA256
d7f344bd8c28b2bf8dce2c757d0f5a2d6e611fd0bb0f44afa85eea4cba53bfe1
-
SHA512
49be54af12c4ce6192f3cbf0c9a0c21725bd9e2ff5c515f64ad6fc604e94c3939f401e8867a5de122482b32e42542f7f57652a173dfa44a843b45c29f66d6314
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 208 OpenWith.exe