General

  • Target

    6c13935ce459215baf7b863cf206747125cacca60793e81ca06ee66139eeba79

  • Size

    455KB

  • Sample

    220510-neb7bsbdej

  • MD5

    f383aca77ec8694ab609f6c6ee464bde

  • SHA1

    836abb931164edf8ea1ec1437b94eed0fc568049

  • SHA256

    6c13935ce459215baf7b863cf206747125cacca60793e81ca06ee66139eeba79

  • SHA512

    7acba871babb6cba09d1e444387d4d282f65b951b16127145521cd70915995425de6efc72a5f6400c81371734e5a47eaa33ed76ce06586f45fc8df1108af4040

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    5.0.5

  • Botnet

    Venom Clients

  • C2

    194.5.97.88:5050

  • Mutex

    Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets


    • AsyncRAT

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6