General

  • Target

    All in One Checker.rar

  • Size

    40KB

  • Sample

    240117-t29c8sagfn

  • MD5

    763b2c4b1080763ad6765161aad35231

  • SHA1

    82c2527865ed3b008bef1b82d95b7f1af816c797

  • SHA256

    ec1bd0063b817e0a9b9456add566fb5f9efec92080a57e2dd49830c292236286

  • SHA512

    bc7696a53d224b6d39a0204768603401b50a90b00b5a06e5dc53f7c58c0b43668cbb4b932d873f2cf224d198547692110c3473345ab22845a93a4f9bf5aa657c

  • SSDEEP

    768:0ozhV8Cuz1SR/ov0Qs9gcIIASrsWCrM8PI9DCVf+SIPUkRl2rlMIn82wIioY2M:04PuJSRANs9gcWStjLCYvRQrlz/M

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

Setup

Attributes
  • delay

    1

  • install

    true

  • install_file

    Setup.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Setup.exe

    • Size

      81KB

    • MD5

      e109df5382385c5edfc6d3440b39b8fd

    • SHA1

      3dc8f8386bb5c30fe03290822c101868f90d14cc

    • SHA256

      fbd3de7c709134d287b13a9c1a4b7e59550b73f1f0b77eb1926aea53f48c2dc0

    • SHA512

      191b19bdb57c80c36be042b92bc0a501dfbece21387031d8f63d1375de091e4c1259859b428ee75c53859548365a4a954a284f73f66254f53541af5fa3393bd6

    • SSDEEP

      1536:cRU98cxpeaC/zPMVqYdNJALSUIcH1bP/opzVxEQzcZChs+zjbLVclN:CU+cxp7AzPMV3JPGH1bPAzVxEQjbBY

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks