General

  • Target: Adobe Photoshop.exe
  • Size: 49KB
  • Sample: 240331-3p9b5sfe4s
  • MD5: b75ad3f5b6ddb8c96ab2eae0d2a977ec
  • SHA1: 2a726f2753d97f50a658f109f43c78bb118dfca2
  • SHA256: 4dfe3a7f19de34169eb850bf014ddd21603719115b5fc622cc1731e555f651ed
  • SHA512: 52b81afe357394e298a02ad100a4a07a6a1dc1c7937f2487568ff0a299885913e1ec54a84db66d96d79c3b5e34409847d76597b45735dbbe57b8b5b661eef8be
  • SSDEEP: 768:3NJXw9WvC9nPpT3RSW/Cv2YzidgYRUTO9PdKqz1QB6SRm1/vrOV8TMBG/IL:3NJg9WAPuDzivGK9P1QoSu/aV/Y/IL

Malware Config

Extracted

  • Family: asyncrat
  • Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
  • Botnet: sfadasdas
  • C2:
      127.0.0.1:4449
      127.0.0.1:8080
      162.238.154.3:4449
      162.238.154.3:8080
  • Mutex: vwbvnjxghdq

Attributes

  • delay: 1
  • install: false
  • install_folder: %AppData%
  • aes.plain

Targets

    • Target: Adobe Photoshop.exe

    • AsyncRat: AsyncRAT, written in C#, is designed to remotely monitor and control other computers.
    • StormKitty: StormKitty is an open-source info stealer written in C#.
    • StormKitty payload
    • Async RAT payload
    • Sets file to hidden: Modifies file attributes so the file is not shown in Explorer and similar tools.
    • Executes dropped EXE
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Adds Run key to start application
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks