General

  • Target

    1.zip

  • Size

    483KB

  • Sample

    221004-p9qtmsbab6

  • MD5

    f84b8f1c47e85dca0ba0725d17571ccd

  • SHA1

    31788815627f67b3150e133a409b6e8cb8ee0d40

  • SHA256

    8c1a00e02263f2e8fdc7e04a3037bbad020006319d569162452aa9d616fa4ee7

  • SHA512

    327d6f6529e970b3a601b29d9613443594364c1ab360c6f1ca2086cb8206ca0e6ec9cd6782420a024bb82eea1d18c36c46c689ff2eadb757ae5a63b572dce98d

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT 5.0.5

  • Botnet

    Venom Clients

  • C2

    resulttoday2.duckdns.org:6111

  • Attributes

    delay: 1
    install: false
    install_folder: %AppData%
    aes.plain

Targets

    • Target

      URFT06GSBAWRP_001_PDF.exe

    • Size

      300MB

    • MD5

      464753cd8a6523de0fba921ce6846177

    • SHA1

      6b3b77af1129f9ad86acc31163d8450eacb4dbd3

    • SHA256

      3221a50204afcf59f4a836680d1e484903ac3aa389c2105d059efc51b8461092

    • SHA512

      589d0919ddf11d1e8e8eff15a0f78623742e5ab6b16e2b754f519f3bfc7912ccd6c43ad5ffe5c0e11c315f9835936b6b2039dc579527d50cb25333844b0876f2

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation