General

  • Target

    801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f

  • Size

    3MB

  • Sample

    231207-rr89dabh84

  • MD5

    3c7191e978aa1a3e59c863958e31e151

  • SHA1

    dc1a72af7f995ee6a3a22751d3a878738212a39b

  • SHA256

    801faa49ecd76c4d640c4e0aaaa05cd28feeac6721f82b44631a8e36048e504f

  • SHA512

    eb50299d3fb682c611d786d9004fa79cd2734bc56e58c3803c62b1138cddcd928ea3fef7b9dcb076259136d05e60569aaa5f1b2c7cfa802e635a19271203a2ec

  • SSDEEP

    49152:98aJh3tR1C7whaIASlhkPJFMZeieXuYEc1rJeWky8AA2QFIBPqqv:98y3tR1C7wBASvo02vqqv

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

113.207.105.200:3201

Mutex

bfvvdzggtbdmht

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks