Resubmissions

  • 17/01/2024, 11:41: 240117-ntgelafba9, score 10

  • 17/01/2024, 10:38: 240117-mplm3sdefq, score 10

  • 16/01/2024, 22:42: 240116-2mwgtschh3, score 10

General

  • Target

    hey.exe

  • Size

    33KB

  • Sample

    240117-ntgelafba9

  • MD5

    f8b17fa3bc1c5e815d843869b7fd9c04

  • SHA1

    2c06449f3800cfe70895e6068b828861aaca78f3

  • SHA256

    4d3d9f280ede6495587dd0550031a76654024c28292ff26cb73953f63ddadb13

  • SHA512

    289d9535488edba8cb2a2b170d40552d4482dac6e26c6d64689ef53956dfb3f2a8e8bbd03a5bad9efa36fbd9954f25ec62955d40e392db929845974886efd3f1

  • SSDEEP

    384:xkXYJD5aKS/Xd4T/p5g/z5EKnrYJGNqo99ayZocpMQiW4zmkZXOfq1GK2NkLphi3:x4KUgg/z5vnEMsonUXbOfq1+kaZdN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

C2

194.33.191.245:2405

Mutex

ucglovygcuqcsabs

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      hey.exe

    • Size

      33KB

    • MD5

      f8b17fa3bc1c5e815d843869b7fd9c04

    • SHA1

      2c06449f3800cfe70895e6068b828861aaca78f3

    • SHA256

      4d3d9f280ede6495587dd0550031a76654024c28292ff26cb73953f63ddadb13

    • SHA512

      289d9535488edba8cb2a2b170d40552d4482dac6e26c6d64689ef53956dfb3f2a8e8bbd03a5bad9efa36fbd9954f25ec62955d40e392db929845974886efd3f1

    • SSDEEP

      384:xkXYJD5aKS/Xd4T/p5g/z5EKnrYJGNqo99ayZocpMQiW4zmkZXOfq1GK2NkLphi3:x4KUgg/z5vnEMsonUXbOfq1+kaZdN

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
