General

  • Target

    Deepweb.zip

  • Size

    42KB

  • Sample

    231122-aamklsaa9t

  • MD5

    1285c5bfc53625c4ab50ff6263dd3efd

  • SHA1

    473287ea72c99e94a0d362af30d81dd60d2282ab

  • SHA256

    111e2b53dd6fc4aa9153329913d099c629cbab1ac420e739a5ca940e1abee604

  • SHA512

    1dfffaa7f2a693ec55749a4a596a4f3dd36b76599ccf0b6a2574febaf0c31a0693aea93987219665f3c4cf5968abc0be6da62ce95a86f2399876c259912b1ba3

  • SSDEEP

    768:tBttnY7MU9Ae4UQ7b8RLuEO8zXXeNTp+flYJpcZ33zP0tCPHUIrkqCzDjs:s7ke4UQ7VYuNToYJpcBj8tO0IrTeE

Malware Config

Extracted

Family

redline

Botnet

11/21/23

C2

91.92.241.80:1337

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

puredns.o7lab.me

Mutex

puredns.o7lab.me

Attributes
  • delay

    10

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Deepweb.zip

    • Size

      42KB

    • MD5

      1285c5bfc53625c4ab50ff6263dd3efd

    • SHA1

      473287ea72c99e94a0d362af30d81dd60d2282ab

    • SHA256

      111e2b53dd6fc4aa9153329913d099c629cbab1ac420e739a5ca940e1abee604

    • SHA512

      1dfffaa7f2a693ec55749a4a596a4f3dd36b76599ccf0b6a2574febaf0c31a0693aea93987219665f3c4cf5968abc0be6da62ce95a86f2399876c259912b1ba3

    • SSDEEP

      768:tBttnY7MU9Ae4UQ7b8RLuEO8zXXeNTp+flYJpcZ33zP0tCPHUIrkqCzDjs:s7ke4UQ7VYuNToYJpcBj8tO0IrTeE

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Async RAT payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks