Overview

overview

10

Static

static

1

b3c5e464e4...e3.zip

windows7-x64

1

b3c5e464e4...e3.zip

windows10-2004-x64

1

INVOICE#BU...03.vhd

windows7-x64

3

INVOICE#BU...03.vhd

windows10-2004-x64

3

$RECYCLE.B...2Y.lnk

windows7-x64

3

$RECYCLE.B...2Y.lnk

windows10-2004-x64

3

$RECYCLE.B...CZ.url

windows7-x64

1

$RECYCLE.B...CZ.url

windows10-2004-x64

1

$RECYCLE.B...JO.url

windows7-x64

1

$RECYCLE.B...JO.url

windows10-2004-x64

1

$RECYCLE.B...G6.lnk

windows7-x64

3

$RECYCLE.B...G6.lnk

windows10-2004-x64

3

$RECYCLE.B...O0.cmd

windows7-x64

1

$RECYCLE.B...O0.cmd

windows10-2004-x64

1

$RECYCLE.B...21.txt

windows7-x64

1

$RECYCLE.B...21.txt

windows10-2004-x64

1

$RECYCLE.B...65.vhd

windows7-x64

3

$RECYCLE.B...65.vhd

windows10-2004-x64

3

$RECYCLE.B...2Y.lnk

windows7-x64

3

$RECYCLE.B...2Y.lnk

windows10-2004-x64

3

$RECYCLE.B...CZ.url

windows7-x64

1

$RECYCLE.B...CZ.url

windows10-2004-x64

1

$RECYCLE.B...JO.url

windows7-x64

1

$RECYCLE.B...JO.url

windows10-2004-x64

1

$RECYCLE.B...G6.lnk

windows7-x64

3

$RECYCLE.B...G6.lnk

windows10-2004-x64

6

$RECYCLE.B...O0.cmd

windows7-x64

1

$RECYCLE.B...O0.cmd

windows10-2004-x64

10

$RECYCLE.B...65.vhd

windows7-x64

3

$RECYCLE.B...65.vhd

windows10-2004-x64

3

$RECYCLE.B...op.ini

windows7-x64

1

$RECYCLE.B...op.ini

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3c5e464e43d7db2432f3e28de75bd0eee8fa7a2b7b6fef7134e7115d6681be3.zip

  • Size

    213KB

  • Sample

    240325-ryaz6adg3s

  • MD5

    a85e94fe7047f62fe6d4eaf947b1a8d2

  • SHA1

    c405dd70b05d9854a388ea536870a8752ee18c8d

  • SHA256

    b3c5e464e43d7db2432f3e28de75bd0eee8fa7a2b7b6fef7134e7115d6681be3

  • SHA512

    05f2ea9dfe9332602546be81b7597287b6443e034f6611b87c4ac843bebf3e59b2980ce58140fb16969a6ccef069e3db1a0298409a018f5db43939ee70e7bd79

  • SSDEEP

    3072:7fSygwwo8ryZx8K9gaUC3EBuMjsVuLMG2JewpqtcySn5gPqLvxwnVt6yYGifnrcj:7Xg6VtUoEBuYHLMrgcn5gPmvut6Asrcj

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

kdfsv.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      b3c5e464e43d7db2432f3e28de75bd0eee8fa7a2b7b6fef7134e7115d6681be3.zip

    • Size

      213KB

    • MD5

      a85e94fe7047f62fe6d4eaf947b1a8d2

    • SHA1

      c405dd70b05d9854a388ea536870a8752ee18c8d

    • SHA256

      b3c5e464e43d7db2432f3e28de75bd0eee8fa7a2b7b6fef7134e7115d6681be3

    • SHA512

      05f2ea9dfe9332602546be81b7597287b6443e034f6611b87c4ac843bebf3e59b2980ce58140fb16969a6ccef069e3db1a0298409a018f5db43939ee70e7bd79

    • SSDEEP

      3072:7fSygwwo8ryZx8K9gaUC3EBuMjsVuLMG2JewpqtcySn5gPqLvxwnVt6yYGifnrcj:7Xg6VtUoEBuYHLMrgcn5gPmvut6Asrcj

    Score
    1/10
    behavioral1behavioral2

    • Target

      INVOICE#BUSAPOMKDS03.vhd

    • Size

      12.0MB

    • MD5

      48474a628c23106feb4587f36b68e5e2

    • SHA1

      d34a9f2003a784774d9401e27a89ecf29817dc9d

    • SHA256

      50c4bbc5e7bda11990739e93a32b18669d6142d0b155d1ee9509722659caa3bf

    • SHA512

      5c5aa7dabd3b174639540e3a444e545eb67e6c256db5ac48efa6e68361d52a589b3124a297446ac08721909eb58a9dc516d3b21d40db4ec9431522456bf95f80

    • SSDEEP

      6144:nlqlGC6H45QtiLJfhB+ZVBGIXcSIcnXy2wg9f5ZezrKWTPd:KLzC7yRqf5szrKQPd

    Score
    3/10
    behavioral3behavioral4

    • Target

      $RECYCLE.BIN/$I47GN2Y.lnk

    • Size

      80B

    • MD5

      c4c83a7cde1a36fad94aa77c0e15d06d

    • SHA1

      bfb66c1e8c39d3858d9821e228a95aa573121b5b

    • SHA256

      ef8b3abf0db8c785d8beee2a64fb3e0add5e85ba0161f85ace8c07a9cece5978

    • SHA512

      edab1b107e20132515c90a386f57d55fec2e54529520e6686292a6359828eb1893b647bc13d25988747449f10b89c8eacb226e66dda95912d93b964f4869d747

    Score
    3/10
    behavioral5behavioral6

    • Target

      $RECYCLE.BIN/$I6AKHCZ.url

    • Size

      92B

    • MD5

      d9f53e37a6a7d47fc086d8a37a74e801

    • SHA1

      d651093a093789c29b04a8c17fdb9ab4443dbedd

    • SHA256

      dd9e36990c4d19966f744f3e23399b62189ffb6d76ecc1981d65942af483fb51

    • SHA512

      c902da67505b9ca4cd02cceda1571ce77f3f95eb94148dbc7894db97921e39b6eac57a91a48ea61bea2f90039f1cf3a5f5633472bfdc8fda75e437aa17c0cfb9

    Score
    1/10
    behavioral7behavioral8

    • Target

      $RECYCLE.BIN/$I9BVFJO.url

    • Size

      84B

    • MD5

      106364071e4178bb725e479c5ae733fe

    • SHA1

      1f1ab2ebe4289d271b548e73307d51dd7aac3e06

    • SHA256

      421d1cba483e5beef4205ffa43ce32dd1559d4d46fc65ea05d665a1fca8b42ff

    • SHA512

      f767a13eb19e92de917cdaaaa01627b4ccafb69a8b49e6ea6e4ca0a073e5c385962b82744b327961b3a4a4a7dd0b4f13aac9de44dd1c41934b37a7b8a22d49fa

    Score
    1/10
    behavioral10behavioral9

    • Target

      $RECYCLE.BIN/$IAEXCG6.lnk

    • Size

      80B

    • MD5

      6c10870c38d8541ac9fe32cf2df303ea

    • SHA1

      919449d2399a83e54284e32ca0cd30efe617627b

    • SHA256

      20c1afbfe809c840bd81cd150f455ad6ee300a1ecbd0fc3797c656d0f13d17fe

    • SHA512

      b11bdb44d2799454d8a65d8878e60a5a8fbcf81385b529b8f08abf0cec30aa8bb005a00d966f0e8dee66596d2a6b789631cd7edf63fd5cb2f046a09e9ba795a5

    Score
    3/10
    behavioral11behavioral12

    • Target

      $RECYCLE.BIN/$IAH62O0.cmd

    • Size

      88B

    • MD5

      6ce36942b92ab77bb04a661e7055c3f4

    • SHA1

      be1b67a345be03d35f2ce10a5a652242e02d010f

    • SHA256

      52441db6b2f466dcfca7b1a580234bc783f66bc660d0d38079e00682b8100dfe

    • SHA512

      1968daca3e6b1f3377da11d3bf1d5423f1beaa0297d22bd9df68f8944d3aa3ddca43659031337a8015e184790e5fdaa792408f485f5a33802af043c5b948ae43

    Score
    1/10
    behavioral13behavioral14

    • Target

      $RECYCLE.BIN/$IFTQZ21.txt

    • Size

      58B

    • MD5

      86a78401cffaebdda0077c95b3731ff7

    • SHA1

      480b8956d97ccdb9ca7a48d93df84b269a5c3815

    • SHA256

      1be64863bba2e205e4d95b7888e1dd719bf4db15bf5cf026b2e71d2cf17b5c4c

    • SHA512

      88fd587e180164b09bc9898327c1a468f253534e0a84ff7a01e0081e3ff5a16c65d722185df8eb1639c9cf3cda3b82707d8e86e3888c2f32eb4d00e019428ae5

    Score
    1/10
    behavioral15behavioral16

    • Target

      $RECYCLE.BIN/$ITQTF65.vhd

    • Size

      52B

    • MD5

      5c4658d0c26e73e822805cd541661a77

    • SHA1

      45d2b460c1b8395401fd60b26b8f398f5cfbcbf5

    • SHA256

      8f3b7422617b49f01037d7f18aeeec7892d95a804cc220228ded61e3fbb7bb30

    • SHA512

      d8e455d594bf16b279f082aefccb939440619a0da8339534873dfbbddd3cc2880e2f7c6b2fdf9999ee48455b4c139750403ed9b8c2e6c82da0bdeb522b196002

    Score
    3/10
    behavioral17behavioral18

    • Target

      $RECYCLE.BIN/$R47GN2Y.lnk

    • Size

      944B

    • MD5

      c500f65d596f13de0b45916fd38b2ebf

    • SHA1

      be7cdc0ad17e22c6d9dbe5c4943d9474d697b1f0

    • SHA256

      b175198523ec0ee22013b9c066fedbe7db317e776c31757e6dc3a0254004211e

    • SHA512

      ffc64f5925312e9075bb384c6e1f850cb9e5821e027d82bb1902da01583e760615fb6786b61ac9e49e3a789a9341a01c8b6d8ecff3b57a32ccb8c724e450748b

    Score
    3/10
    behavioral19behavioral20

    • Target

      $RECYCLE.BIN/$R6AKHCZ.url

    • Size

      141B

    • MD5

      0de440fa9e6012b525dbddeea04f5fbd

    • SHA1

      e8a74bf4989eee88a071057b3ed402b7662df498

    • SHA256

      5bb39c8f533ef487b406d3195a274bba69e538a4d3b49b7f80e8fa6b4804c0e6

    • SHA512

      c416da23e60c9183d6193fcc8137196f02d3db0a662c7a5802630177cd7cfc7afc3d052778b576f12d2a68620ddf922d72810a11a24bab6c8c6e06c0cd697715

    Score
    1/10
    behavioral21behavioral22

    • Target

      $RECYCLE.BIN/$R9BVFJO.url

    • Size

      192B

    • MD5

      30b15d0074689b2b57391607ce87184d

    • SHA1

      a8bb35e64db7774eecd9bc9c684677215cbd22ff

    • SHA256

      be7c237538f353211d999453405525df568567de5674dc1ffda5773a7cb0be8b

    • SHA512

      9aa9dd3bfefc57297390763715ddc2882797a37dcdfa619ba41cced889f864f88bba18c130e6fc2d15293abc8e884ef8cbfba48371205b62a87ca583357db465

    Score
    1/10
    behavioral23behavioral24

    • Target

      $RECYCLE.BIN/$RAEXCG6.lnk

    • Size

      764B

    • MD5

      50ca4a3117112b2921ca0dd1d2669b3f

    • SHA1

      523f7011bd9bd86930c055ddf92441d441bf9043

    • SHA256

      2f0ff66fb95769969f2036a205033f6868da8ebd1a211c45a8afc3f805940a69

    • SHA512

      33db76a36c9a27c1344e7d39fa55fb9be4a047785d10ac48f272d15fc9b30f67a2994117bd4b2f33662ad0f3b747aee85ef9a41f4242744ca974a8e066e59143

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral25behavioral26

    • Target

      $RECYCLE.BIN/$RAH62O0.cmd

    • Size

      111KB

    • MD5

      2c3351c659a42a82e3a3d865c88eaaaf

    • SHA1

      7c73b2c98e449be1c5a85806c08cfe05c0a699ab

    • SHA256

      f8f8f56ff4b52a36a6619ca8eadab3df1ae333dfda870a36b024bd74cf0ce9e4

    • SHA512

      b1962ca896f6328289a61522c6ede86bd0e6436d3dd6ca2170888ee2592a9cf88640f801dd864dbab1713ddb930b4dbed3cba0c5362f56f19150fcdabab599c6

    • SSDEEP

      3072:hXiSJ9Nvg6aGNGIR9Lb5ZQ6gvr+sBKWTP8ydL:hnXy2wg9f5ZezrKWTPdV

    Score
    10/10
    asyncratvenom clientsrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    behavioral27behavioral28

    • Target

      $RECYCLE.BIN/$RTQTF65.vhd

    • Size

      6.0MB

    • MD5

      fd4979108b9587139173f02f7f0e6797

    • SHA1

      6db7400102360fa2644e003eaeb96315d041c36c

    • SHA256

      e1d549111b59ebb819d83440133ee876947261f3e8c2a78594de228a77de1b8f

    • SHA512

      52f2fb184bf01ae3b4459cf4e54891d0efe7f24b156d98f897709c9108a709d7e2bda545fdb3cf34bf07f0018d94f1e9ed357682f513478064b434f6e34d951c

    • SSDEEP

      1536:C+PCBK4J9mILDGlGC6H9S5QZ9BiLJfhHB+ZVBGIg47x1eDBSMi+1WSxlul7W4iui:JlGC6H45QtiLJfhB+ZVBGIXcSI

    Score
    3/10
    behavioral29behavioral30

    • Target

      $RECYCLE.BIN/desktop.ini

    • Size

      129B

    • MD5

      a526b9e7c716b3489d8cc062fbce4005

    • SHA1

      2df502a944ff721241be20a9e449d2acd07e0312

    • SHA256

      e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

    • SHA512

      d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

8
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
6/10

behavioral27

Score
1/10

behavioral28

asyncratvenom clientsrat
Score
10/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10