General

  • Target

    3.hta

  • Size

    12KB

  • Sample

    240416-vtn8rshd8s

  • MD5

    1813054fd92c59be0214e8f908d31155

  • SHA1

    3666af3fcd4dbf6d4881afb6e80841c87732569b

  • SHA256

    2522c6e717f20b29f38a73dc450a3ad748a14bbe86796429e50eaa672edd5d23

  • SHA512

    5416b8eebba6bdc80b48fb5c56e78ffa4c260e13513528022ac5f0e2f0ee5831ce3e8e55b5dbe0aadd60e782b7c69891ffd92190863aa4e218c8a5c5fa966869

  • SSDEEP

    192:whpDrcs3f1bF0VXd5uQ45pj3PxFtjQp2QYw:wgefH0lC5pTRo

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

194.48.251.169:4449

Mutex

wmdekgrrot

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      3.hta

    • Size

      12KB

    • MD5

      1813054fd92c59be0214e8f908d31155

    • SHA1

      3666af3fcd4dbf6d4881afb6e80841c87732569b

    • SHA256

      2522c6e717f20b29f38a73dc450a3ad748a14bbe86796429e50eaa672edd5d23

    • SHA512

      5416b8eebba6bdc80b48fb5c56e78ffa4c260e13513528022ac5f0e2f0ee5831ce3e8e55b5dbe0aadd60e782b7c69891ffd92190863aa4e218c8a5c5fa966869

    • SSDEEP

      192:whpDrcs3f1bF0VXd5uQ45pj3PxFtjQp2QYw:wgefH0lC5pTRo

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks