General

  • Target

    Cheto Cracked @RFREE.exe

  • Size

    1.1MB

  • Sample

    231114-w7twvach42

  • MD5

    5f648871239d1c45baef196edf36b4af

  • SHA1

    bc7765059fd8d9c921ec3ace34d8b9c90db92d77

  • SHA256

    cd13acc777fcf8260bee6ac66b912bbbe12f5e1c695e34bc481d75d96c1c9662

  • SHA512

    74d5f9334d8513e251e744838e381b15eb4045d4594fce467c835aa1d0e1e6489790a495f80c683786fc92291733b6f926f6e079145bb55ee5f6881c18e1fb3d

  • SSDEEP

    24576:vWOwFEdY2t+YKgHZENB8SWySm3uOywWgtaQUUlq/:uTWdYBaE78WSm3uBwhlq

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xdatarfree.ddns.net:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Cheto Cracked @RFREE.exe

    • Size

      1.1MB

    • MD5

      5f648871239d1c45baef196edf36b4af

    • SHA1

      bc7765059fd8d9c921ec3ace34d8b9c90db92d77

    • SHA256

      cd13acc777fcf8260bee6ac66b912bbbe12f5e1c695e34bc481d75d96c1c9662

    • SHA512

      74d5f9334d8513e251e744838e381b15eb4045d4594fce467c835aa1d0e1e6489790a495f80c683786fc92291733b6f926f6e079145bb55ee5f6881c18e1fb3d

    • SSDEEP

      24576:vWOwFEdY2t+YKgHZENB8SWySm3uOywWgtaQUUlq/:uTWdYBaE78WSm3uBwhlq

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
