General

  • Target

    b97e887c34e4c51185710f3e495bb479a3a5376b0fa5c8a3828ecc12ff4bcab9

  • Size

    1MB

  • Sample

    231207-s4qs8sch94

  • MD5

    9ad26bb1c0b4b036924ca19466970f68

  • SHA1

    b6079c55e40206fbc4d1ead67d36ba7d8b850eca

  • SHA256

    b97e887c34e4c51185710f3e495bb479a3a5376b0fa5c8a3828ecc12ff4bcab9

  • SHA512

    33f71941d5c0e9c6598468d8f1837ecc3f4d204d936d23469ddf178de9c147b06f3bed2c616e1a156192c397f499c3c01406846a993a81f50dd4328efe7f1a4d

  • SSDEEP

    49152:LfwEitJhjw4g6Rcdz8brR4WdzbcLav8TWwzzeWof94TV/F8RvF9:8EiJjRg6Rcdz8brRxd0LavKLof98V/FO

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

113.207.105.195:15806

Mutex

hanpmclowlyazr

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      b97e887c34e4c51185710f3e495bb479a3a5376b0fa5c8a3828ecc12ff4bcab9

    • Size

      1MB

    • MD5

      9ad26bb1c0b4b036924ca19466970f68

    • SHA1

      b6079c55e40206fbc4d1ead67d36ba7d8b850eca

    • SHA256

      b97e887c34e4c51185710f3e495bb479a3a5376b0fa5c8a3828ecc12ff4bcab9

    • SHA512

      33f71941d5c0e9c6598468d8f1837ecc3f4d204d936d23469ddf178de9c147b06f3bed2c616e1a156192c397f499c3c01406846a993a81f50dd4328efe7f1a4d

    • SSDEEP

      49152:LfwEitJhjw4g6Rcdz8brR4WdzbcLav8TWwzzeWof94TV/F8RvF9:8EiJjRg6Rcdz8brRxd0LavKLof98V/FO

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v13

Tasks