General

  • Target

    https://t.ly/zt6XS

  • Sample

    240330-k3wn4ach35

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

trigjiqjyexsu

Attributes
  • delay

    1

  • install

    true

  • install_file

    Registry.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/w5QC7zcd

aes.plain

Targets

    • Target

      https://t.ly/zt6XS

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Modifies Windows Defender Real-time Protection settings

    • Async RAT payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Windows security modification

MITRE ATT&CK Enterprise v15

Tasks