General

  • Target

    0x002e000000016231-129.dat

  • Size

    73KB

  • Sample

    240120-2jslrsacd8

  • MD5

    25b6389bbaa746df85d53714d4a6d477

  • SHA1

    86e6443e902f180f32fb434e06ecf45d484582e3

  • SHA256

    4b02692bf468a164e333bbfc961c5974d0a95009a72ea8bff2e9cb677eae4f56

  • SHA512

    6ad22c119b548f0e8ed5adb6c9f48c33b356340a7309c8185bec817f2562ae99760ff79e131c89bce2be122b6385bee610704f37edb7f1656a1b9d4782a1fcf4

  • SSDEEP

    1536:6aUqAcxVMW7eTmJ9rxjJTkdK4WaxHdSzPMwy/eqmmRhdWVH1bfbVCNIrXQlwzUIE:6aUTcxVMW7eiJ9rxjJTkdK4WaP0PMwhq

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.2

Botnet

Default

C2

93.123.39.68:4449

Mutex

kszghixltbdczq

Attributes
  • delay

    1

  • install

    true

  • install_file

    chromeupdate.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      0x002e000000016231-129.dat


    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
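The extracted config (C2 host:port, mutex, install file and folder) and the "Executes dropped EXE" signature above translate directly into host and network indicators. The script below is an added example, not part of the sandbox report or of the malware: it turns those config values into matchers and runs them over constructed Sysmon-style JSON events (EventID 11 FileCreate, 1 ProcessCreate, 3 NetworkConnect; the JSON field names and the sample events are assumptions, not output from this run). It maps %AppData% to the expanded per-user path <drive>:\Users\<user>\AppData\Roaming so that a chromeupdate.exe anywhere else does not match.

```python
"""Hunt the indicators from the extracted AsyncRAT/VenomRAT config over
Sysmon-style JSON events.  Added example; not code from the report or the malware."""
import json
import re

# Indicators copied verbatim from the "Malware Config" section of this report.
C2 = "93.123.39.68:4449"
MUTEX = "kszghixltbdczq"          # not visible in Sysmon events; needs a host-side handle check
INSTALL_FILE = "chromeupdate.exe"
INSTALL_FOLDER = "%AppData%"


def parse_c2(c2: str) -> tuple:
    """Split the report's 'host:port' C2 string into (host, port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def install_path_regex(folder: str, filename: str):
    """Build a case-insensitive regex for the expanded install path.
    %AppData% resolves to <drive>:\\Users\\<user>\\AppData\\Roaming on Windows;
    only that variable is mapped here (assumption: no other folder is used)."""
    expansions = {"%appdata%": r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming"}
    return re.compile(expansions[folder.lower()] + r"\\" + re.escape(filename) + r"$",
                      re.IGNORECASE)


C2_HOST, C2_PORT = parse_c2(C2)
INSTALL_RE = install_path_regex(INSTALL_FOLDER, INSTALL_FILE)


def match_event(ev: dict) -> list:
    """Return the report indicators hit by one Sysmon-style event (empty if none)."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if eid == 11 and INSTALL_RE.search(ev.get("TargetFilename", "")):
        hits.append("install_file_created")       # payload copied into %AppData%
    if eid == 1 and INSTALL_RE.search(image):
        hits.append("install_file_executed")      # "Executes dropped EXE"
    if (eid == 3 and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT):
        hits.append("c2")
        if INSTALL_RE.search(image):
            hits.append("c2_from_install_path")   # beacon sent by the installed copy
    return hits


def hunt(json_lines) -> list:
    """Run match_event over JSON-lines input; return [(line_index, hits), ...] for hits only."""
    found = []
    for i, line in enumerate(json_lines):
        if not line.strip():
            continue
        hits = match_event(json.loads(line))
        if hits:
            found.append((i, hits))
    return found


# Constructed sample events (assumption: not from the sandbox run). The last two are
# benign decoys: a real browser connection, and a same-named binary outside %AppData%.
SAMPLE_EVENTS = [
    r'{"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\chromeupdate.exe"}',
    r'{"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Roaming\\chromeupdate.exe", "CommandLine": "\"C:\\Users\\alice\\AppData\\Roaming\\chromeupdate.exe\""}',
    r'{"EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Roaming\\chromeupdate.exe", "DestinationIp": "93.123.39.68", "DestinationPort": 4449}',
    r'{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}',
    r'{"EventID": 1, "Image": "C:\\Windows\\Temp\\chromeupdate.exe", "CommandLine": "chromeupdate.exe"}',
]

if __name__ == "__main__":
    for idx, hits in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

Two caveats when using this for real: the C2 address and port are point-in-time values from one sample and will rotate, so the file-path and mutex indicators age better than the IP; and the mutex is never recorded by Sysmon, so checking for kszghixltbdczq means enumerating mutant handles on the host (or pivoting on it in other sandbox reports) rather than grepping logs.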

MITRE ATT&CK Enterprise v15
