General

  • Target

    12313131.exe

  • Size

    63KB

  • Sample

    231113-zlkb3afe27

  • MD5

    cd201d62dcef88f870d3738947c27a92

  • SHA1

    8a2e40a265be4b66975c607572efcd79b366fb14

  • SHA256

    8c6729592cc5f22b14d30c82fd21dd415b1c044b8c3b28d15a2ac19568fb40dd

  • SHA512

    a98a9d8ca9797f7748fd59085033bc8465ed4fce512ef7077418a007fca0a028a9cc72a7aac1b132d96032c9ecb03534d9af36ef46bbd6991c760fb5fac26f1c

  • SSDEEP

    1536:khIBLTM3Ufc0cMd2bkGGbbTwuHCGqDpqKmY7:khIBLTM3Ufc6d2pGbbTp4gz

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

agent-thumbnail.gl.at.ply.gg:21402

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      12313131.exe

    • Size

      63KB

    • MD5

      cd201d62dcef88f870d3738947c27a92

    • SHA1

      8a2e40a265be4b66975c607572efcd79b366fb14

    • SHA256

      8c6729592cc5f22b14d30c82fd21dd415b1c044b8c3b28d15a2ac19568fb40dd

    • SHA512

      a98a9d8ca9797f7748fd59085033bc8465ed4fce512ef7077418a007fca0a028a9cc72a7aac1b132d96032c9ecb03534d9af36ef46bbd6991c760fb5fac26f1c

    • SSDEEP

      1536:khIBLTM3Ufc0cMd2bkGGbbTwuHCGqDpqKmY7:khIBLTM3Ufc6d2pGbbTp4gz

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • UAC bypass

    • Async RAT payload

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks