General

  • Target

    654f5bd0b7ac312458648a661796c16430739dc38f55139d6e7ae0e4d6115d15

  • Size

    5.1MB

  • Sample

    220704-t5vn9aacen

  • MD5

    b18a9b0fba6a95c29bf6fe1187a95e22

  • SHA1

    f53dfa8f06ee213005c8a9fdfd564a72e3ce2159

  • SHA256

    654f5bd0b7ac312458648a661796c16430739dc38f55139d6e7ae0e4d6115d15

  • SHA512

    a09220560b75bacacdf2ae7a9660aec7ec35aa975766b74a34b712350555f7e4eb4ed30a343cc2b67c6613cee8c7e4dc77a418a684f8ad814c1c99331af668f5

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

ads2

C2

137.74.157.86:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      654f5bd0b7ac312458648a661796c16430739dc38f55139d6e7ae0e4d6115d15

    • Size

      5.1MB

    • MD5

      b18a9b0fba6a95c29bf6fe1187a95e22

    • SHA1

      f53dfa8f06ee213005c8a9fdfd564a72e3ce2159

    • SHA256

      654f5bd0b7ac312458648a661796c16430739dc38f55139d6e7ae0e4d6115d15

    • SHA512

      a09220560b75bacacdf2ae7a9660aec7ec35aa975766b74a34b712350555f7e4eb4ed30a343cc2b67c6613cee8c7e4dc77a418a684f8ad814c1c99331af668f5

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Command-Line Interface

1
T1059

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Process Discovery

1
T1057

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Tasks