General

  • Target

    95fd57f641b8e2c38909090e20d6216242aa7bdab79b2e8537153acd5401a211

  • Size

    75KB

  • Sample

    230424-17kemaeh42

  • MD5

    e90303c5b9fcdfb0d98bc0fcd481d9d7

  • SHA1

    1fcfd04f2f5f34cb291a2d916e6af899160258f9

  • SHA256

    95fd57f641b8e2c38909090e20d6216242aa7bdab79b2e8537153acd5401a211

  • SHA512

    11323d67db1936defe48cc3efc8832a960af292ca3720ec3447e1c010d9409eb82a8791884277c5228775701e09b07cb7761ca517f622d41b69baeeae3ac5589

  • SSDEEP

    1536:ZyC/PCJE7z2Pl5ktGtOGa1KYNEtnJXDC8Z8c+kWl:KPjOUk8Kc+Dl

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT + HVNC + Stealer + Grabber v6.0.1

  • Botnet

    Default

  • C2

    185.106.94.165:2323

  • Mutex

    flhftndjmhyxqvenrpt

  • Attributes

    • delay

      1

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      95fd57f641b8e2c38909090e20d6216242aa7bdab79b2e8537153acd5401a211

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
