General

  • Target

    Update.bat

  • Size

    303KB

  • Sample

    240309-xmsnqagb3z

  • MD5

    9574f1be21b67338ff89f7822d497b6c

  • SHA1

    04ffcb12ddae19a42d6ca114ee4b8a3217d77ff4

  • SHA256

    d57da5dbfd8710be350680348344d6e3a319b596cda91475fdd9d007bdf6de1d

  • SHA512

    813cf4b4fdcf0c76ed2f13389596d72278c11d4da08a16725da7b22495ea1c2c876262b36e4eb884335b5ac5125efb1d62a76167fec82e67c99299ceee3b622a

  • SSDEEP

    6144:UcOIzE+4SSmeYpiePKsu6MQRLngYGseXp1PwY6:CqEJzYK6MQxgYGseZz6

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Growtopia

C2

163.5.215.225:1602

Mutex

hoosnuxddbjezlt

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Update.bat

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
