General

  • Target: hta.hta
  • Size: 13KB
  • Sample: 240416-vx5d6ahe8w
  • MD5: 9f587ac1e364bc4b89ea9991c780b09a
  • SHA1: 9612509e53fde418c7bb1794ac5f30c894b960a9
  • SHA256: 44e910d573342c0bd7713e853d6bffec6565db309e4e93042052f064b5626384
  • SHA512: bcc6c0e3a765cc57fb2d75b5761175d3608befacb5d1b2d478d6e2ddcfa415b0afdf93299ecaff18c6d2de3b135f1ab6b2b2670f20668e3df73c2b679610feb3
  • SSDEEP: 384:qpzWNjCBvB7owyK5GYsx5GlUi5GhmPM5GmmaUi5Gt48FR:scYZkYK0qmPM9mYl83

Score
10/10

Malware Config

Extracted

Family: asyncrat

Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet: Default

C2: 194.48.251.169:4449

Mutex: wmdekgrrot

Attributes
  • delay: 1
  • install: false
  • install_folder: %AppData%

aes.plain

Targets

    • Target

      hta.hta

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks