Overview

overview

10

Static

static

10

Exudify/Exudify.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Exudify.rar

  • Size

    252KB

  • Sample

    230626-bkpndsfd95

  • MD5

    42aacc94a19f618d5f5b79fb6397c57c

  • SHA1

    640c96ef66831b1b1216a1cf05f942638d14e02e

  • SHA256

    1059df2c5d33d674c521109d84af6e7f42f80f49e0e1dd2f988533f475bca62c

  • SHA512

    0c8dee61a4bc781740b966898519f2c1c10bb744cfe771f874034c457fab2490c0b5492233205a4c37b7439fba7c54df0d0ebc6cd7a79953cfdee6c15b3070cc

  • SSDEEP

    6144:bma786e4BZ6q3l61TtUWrjv5IgAvdb0cSH2RMDTza+noHJB:b/7njBL45mxb75CDTz2HJB

Score
10/10
asyncratexodusdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

exodus

C2

45.154.98.42:4449

Mutex

mtwqrwlcaqjp

Attributes
  • delay

    1

  • install

    true

  • install_file

    exudifyconfig.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Exudify/Exudify.exe

    • Size

      338KB

    • MD5

      20b61a58d7cfed8465718f10173636f2

    • SHA1

      6a82be7188d1e7827f24c3ef2a605369075212ec

    • SHA256

      0ea528ae0f3931379941f569ae55f0ec2c0714ccd1c2c36cc39e20ba58e11113

    • SHA512

      473cf9aa35a38499b496a3ace758827e9e9d322fdafbb0d6fb4f7b1ec687b14f49bf2ae044d75dfc9e259dbe913ad4c1fec1777413abf882e349e9bec5f4c1eb

    • SSDEEP

      3072:FUjcxsny6PMVCtDH1b6/bQSEII/ejywpVF1oXgPvak7ndBY:FSy6PMVAVbghEV/e+YoQ6kTD

    Score
    10/10
    asyncratexodusdiscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks