General

  • Target

    copy.exe

  • Size

    300MB

  • Sample

    220930-x4tbksfebq

  • MD5

    3bfc4f5d058aac39f3cd1cc7771fb376

  • SHA1

    4f400860ad6e90f17b6abe3f925de5fe47dac4ba

  • SHA256

    05af19f88159fdc48e4039627198ddffacceb086e67a5fe0a76379a490be75a6

  • SHA512

    263be832f00990f423febb1be6f7871841c695c876f051a6f0906dfa9cb577f00b5a6a610fdf36a8c5d3323d2e8b5e171d78fe2e42b4bf6114d6c76476fa236e

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

venom12345.duckdns.org:4449

venomunverified.duckdns.org:4449

Attributes

delay

1

install

false

install_folder

%AppData%

aes.plain

Targets

    • Target

      copy.exe

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no technique entries survive on the page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation