General

  • Target

    f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde

  • Size

    402KB

  • Sample

    221004-ec5anabch2

  • MD5

    ca0d504d89fbea69214e40b896079d8b

  • SHA1

    0c43265dd0448395cc3c88fd9dcc828dc95ec016

  • SHA256

    f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde

  • SHA512

    a5f9d41e04157f6b15c8729d09cb65c546bfb288368476f62a87387d395305e9c3098d63eb7ab12b404273b6cc37513ae27d3f5e9ca0005d1e85fef43a091cbe

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.4

Botnet

MAY 17

C2

paris-comrademay17.duckdns.org:25045

Attributes
delay
1
install
false
install_folder
%AppData%
aes.plain
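
The configuration above yields three things a defender can act on immediately: the C2 host and port, and the two SHA256 values for the sample and its dropped target. The following added example (not part of the report or the sandbox) shows how to hunt for them across DNS, flow and file telemetry, pivoting from the DNS answer for the duckdns name to the connection on port 25045 rather than alerting on the port alone. The `<timestamp> <kind> key=value ...` log shape and every log line are constructed for this example.

```python
"""
Hunt for the AsyncRAT / Venom RAT indicators from the extracted config above
across DNS, flow and file-hash telemetry.  The log lines are constructed for
this example; the indicators are the ones the report lists.
"""
import re

# Indicators from the report.
C2 = "paris-comrademay17.duckdns.org:25045"
KNOWN_SHA256 = {
    "f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde",  # analysed sample
    "190324c758fe4e21f2254d10bc9871b5e8a2e0f063a0b49f1680b3ee9f8da519",  # 4029013#.exe
}

# Constructed telemetry in an assumed '<timestamp> <kind> key=value ...' shape.
SAMPLE_LOGS = [
    '2022-10-04T12:00:50Z file host=WS-17 path="C:\\Users\\u\\AppData\\Roaming\\4029013#.exe" '
    'sha256=190324c758fe4e21f2254d10bc9871b5e8a2e0f063a0b49f1680b3ee9f8da519',
    '2022-10-04T12:01:02Z dns client=10.0.0.5 query=paris-comrademay17.duckdns.org answer=203.0.113.10',
    '2022-10-04T12:01:03Z flow src=10.0.0.5 dst=203.0.113.10 dport=25045 proto=tcp',
    '2022-10-04T12:01:09Z flow src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp',
    '2022-10-04T12:02:00Z dns client=10.0.0.9 query=www.example.com answer=93.184.216.34',
    # Same port, unrelated destination: port alone is not treated as an indicator.
    '2022-10-04T12:02:01Z flow src=10.0.0.9 dst=93.184.216.34 dport=25045 proto=tcp',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_c2(c2):
    """Split 'host:port' into (host, port); rpartition keeps extra colons in the host."""
    host, _, port = c2.rpartition(":")
    return host.lower().rstrip("."), int(port)


def parse_line(line):
    """Turn one telemetry line into a dict; None for lines that do not fit the shape."""
    parts = line.strip().split(" ", 2)
    if len(parts) != 3:
        return None
    ts, kind, rest = parts
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields.update(ts=ts, kind=kind)
    return fields


def hunt(lines, c2=C2, hashes=KNOWN_SHA256):
    """Return (severity, reason, raw_line) hits, pivoting from DNS answers to flows."""
    host, port = parse_c2(c2)
    c2_ips = set()  # addresses the C2 name resolved to, learned from DNS answers seen so far
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "dns":
            q = ev.get("query", "").lower().rstrip(".")
            if q == host or q.endswith("." + host):
                if ev.get("answer"):
                    c2_ips.add(ev["answer"])
                hits.append(("high", f"{ev.get('client')} resolved C2 host {q}", line.strip()))
        elif ev["kind"] == "flow":
            dst, dport = ev.get("dst"), int(ev.get("dport", 0))
            if dst in c2_ips and dport == port:
                hits.append(("critical", f"{ev.get('src')} connected to C2 {dst}:{dport}", line.strip()))
            elif dst in c2_ips:
                hits.append(("medium", f"{ev.get('src')} reached C2 address {dst} on port {dport}", line.strip()))
        elif ev["kind"] == "file":
            if ev.get("sha256", "").lower() in hashes:
                hits.append(("critical", f"known sample {ev.get('path')} on {ev.get('host')}", line.strip()))
    return hits


if __name__ == "__main__":
    for sev, why, raw in hunt(SAMPLE_LOGS):
        print(f"[{sev}] {why}\n    {raw}")
```

Because duckdns names are dynamic, the resolved address is learned from the DNS telemetry at hunt time instead of being hard-coded; a flow to that address on a port other than 25045 is still surfaced at a lower severity, while a flow to an unrelated address on port 25045 is ignored.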

Targets

    • Target

      4029013#.exe

    • Size

      300MB

    • MD5

      41308dae88480a4eaf61b36767990bbe

    • SHA1

      a347f3eb607df4c47b9473818866bcad6aef4e96

    • SHA256

      190324c758fe4e21f2254d10bc9871b5e8a2e0f063a0b49f1680b3ee9f8da519

    • SHA512

      ee0812562d7f0f16ea75ccc236ac85c986c47ed52fc75ffb8d1a21d9c62cb90855963d2678dfc01345e97f5435d320d0ba982d82f1d7395d066b843e49479c42

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
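
The signatures above describe a process chain rather than a file: a dropped executable is run, the .NET Visual Basic compiler is started, and SetThreadContext is called on a thread. The following added example (not part of the report or the sandbox) correlates constructed process-creation and file-creation events to surface the first two behaviours. It assumes the "VBS compiler" signature refers to vbc.exe, treats a vbc.exe launched by anything other than a build tool with no arguments as the hollowing candidate implied by the SetThreadContext signal, and uses an allowlist of build-tool parents that is an assumption to tune per estate. SetThreadContext itself is not visible in process-creation telemetry, so it is not modelled here.

```python
"""
Correlate process-creation and file-creation events for the behaviours the
report flags: a dropped executable being run, and vbc.exe started by a process
that is not a build tool.  All events are constructed for this example.
"""
import ntpath

# Parents that legitimately spawn vbc.exe (assumed allowlist; tune to your estate).
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe", "dotnet.exe"}
# Path fragments marking user-writable locations such as the report's %AppData%.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed events in an assumed Sysmon-like shape.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "image": r"C:\Users\u\Downloads\4029013#.exe",
     "parent": r"C:\Windows\explorer.exe", "args": ""},
    {"type": "file_create", "creator": r"C:\Users\u\Downloads\4029013#.exe",
     "target": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"type": "process_create", "pid": 4188, "image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "parent": r"C:\Users\u\Downloads\4029013#.exe", "args": ""},
    {"type": "process_create", "pid": 4210,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Users\u\AppData\Roaming\svc.exe", "args": ""},
    # Benign: a real build launching the compiler with a response file.
    {"type": "process_create", "pid": 5300,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Program Files\MSBuild\MSBuild.exe", "args": r"/noconfig @obj\Debug\app.rsp"},
]


def is_user_writable(path):
    """True when the path sits under a directory an unprivileged user can write to."""
    return any(fragment in path.lower() for fragment in USER_WRITABLE)


def detect(events):
    """Walk events in order; return one alert per suspicious process creation."""
    dropped = {}  # lower-cased path -> image of the process that wrote the file
    alerts = []
    for ev in events:
        if ev["type"] == "file_create":
            dropped[ev["target"].lower()] = ev["creator"]
            continue
        if ev["type"] != "process_create":
            continue
        image, parent = ev["image"], ev["parent"]
        reasons = []
        # "Executes dropped EXE": the image was written earlier in this trace.
        if image.lower() in dropped:
            reasons.append("executes dropped EXE written by " + ntpath.basename(dropped[image.lower()]))
        # "Uses the VBS compiler for execution": vbc.exe outside a build context.
        if ntpath.basename(image).lower() == "vbc.exe":
            pbase = ntpath.basename(parent).lower()
            if pbase not in BUILD_PARENTS:
                reasons.append("vbc.exe started by non-build parent " + pbase)
                if is_user_writable(parent):
                    reasons.append("parent runs from a user-writable directory")
                if not ev.get("args", "").strip():
                    reasons.append("vbc.exe started with no arguments (nothing to compile)")
        if reasons:
            alerts.append({"pid": ev["pid"], "image": ntpath.basename(image), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"pid {alert['pid']} ({alert['image']}):")
        for reason in alert["reasons"]:
            print("  -", reason)
```

The correlation is deliberately stateful: the file-creation map is built as events stream past, so a process is only flagged as a dropped EXE when the write was observed first. A vbc.exe started by MSBuild with a response file produces no alert, which is the case the allowlist exists for.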

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.