General

  • Target

    C11Bootstrapper.zip

  • Size

    193KB

  • MD5

    c0aa2729c58fca545c27521b4de2b97c

  • SHA1

    a591b1e81f7158bcb346d7017edbf09abf9b01de

  • SHA256

    38264c8656ce4163c7d1cf3014863dc7398227df662b90a30c6342d6f45bb5a6

  • SHA512

    b40fc38c500a24ccacc6f9e67422398d3c3ffb6da33edda7fa37a7a29e8937b6017d29bb3c34fd27f4e981eed6a38e0bfeeb678b91b9f4ea7d589d8c23c56a52

  • SSDEEP

    6144:BA3cXkEnu8vjKbnU9tWCnHGXf3fgDm+HuT:BAMXkr8IUjmXfPgDm+OT

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT + HVNC + Stealer + Grabber v6.0.3

  • Botnet

    Default

  • C2

    127.0.0.1:4449

  • Mutex

    chhphkahmfnasuyziqc

  • Attributes

    • delay

      1

    • install

      false

    • install_folder

      %Temp%

  • aes.plain

Extracted

  • Family

    umbral

  • C2

    https://discord.com/api/webhooks/1210158511317590106/v9w3kiFGxTmHnaLb091GZCxjv8fdr5efj0qIDNAgPdpreNR5UKL8WQl7YxoqctUCkOnB

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Team TIB's Victim

  • C2

    127.0.0.1:4040

  • Mutex

    9d2e440703ae716f1154fa98bacb513a

  • Attributes

    • reg_key

      9d2e440703ae716f1154fa98bacb513a

    • splitter

      Y262SUCZ4UJJ

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Detect Umbral payload (1 IoC)
  • Njrat family
  • Umbral family
  • Unsigned PE (3 IoCs)

    Checks for missing Authenticode signature.

Files

  • C11Bootstrapper.zip
    .zip
  • C11Bootstrapper/Properties/C11Setup.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
  • C11Bootstrapper/Properties/GuiLoader.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
  • C11Bootstrapper/Properties/IndependenciesInstallation.bat
  • C11Bootstrapper/Properties/PageEditor.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
  • C11Bootstrapper/Properties/msgbox.vbs
  • C11Bootstrapper/Readme.txt
  • C11Bootstrapper/Start.bat