General

  • Target

    22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13.exe

  • Size

    8.9MB

  • Sample

    220906-g53cwagcf3

  • MD5

    aab5782551a7f2c6b4465d6c83387ecd

  • SHA1

    e7fb82e31bb8afd96c0ed068bea37beb5bb880b9

  • SHA256

    22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13

  • SHA512

    1096339b094a2546181d71e877858a5260ceb77563956a58b3cb1abd0d4bb3784928daf276bc5ccecc08fc84d2e979e061aa5cc9246e686e80ff01d725d9ff52

  • SSDEEP

    196608:uukuAqO5c26TcKS3wg7/h6VLAWsYEgscmMTtOI/o363RtuaYe9:uqAfc2KDS3F7/h+EBgscpTtOaoSRtul4

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT_HVNC 5.0.4

Botnet

System

C2

127.0.0.1:2322

127.0.0.1:13817

2.tcp.ngrok.io:2322

2.tcp.ngrok.io:13817

Mutex

tXTIPkhRL

Attributes
  • delay

    0

  • install

    true

  • install_file

    System.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13.exe

    • Size

      8.9MB

    • MD5

      aab5782551a7f2c6b4465d6c83387ecd

    • SHA1

      e7fb82e31bb8afd96c0ed068bea37beb5bb880b9

    • SHA256

      22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13

    • SHA512

      1096339b094a2546181d71e877858a5260ceb77563956a58b3cb1abd0d4bb3784928daf276bc5ccecc08fc84d2e979e061aa5cc9246e686e80ff01d725d9ff52

    • SSDEEP

      196608:uukuAqO5c26TcKS3wg7/h6VLAWsYEgscmMTtOI/o363RtuaYe9:uqAfc2KDS3F7/h+EBgscpTtOaoSRtul4

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks