Overview

overview

10

Static

static

1

MonkeModMa...64.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MonkeModManager-x64.bat

  • Size

    82KB

  • Sample

    240517-2y5jwafe41

  • MD5

    95e787e067cc510309e9923ea23faa6e

  • SHA1

    5d7b2761b524838ee5924859d6d76aa027d4f19e

  • SHA256

    2e7f39603dfb1568c97a8617d3fb214593c3ef2cc4091d0998fe9fb01ffa3176

  • SHA512

    3a8d5803e2ad459004217679d644832007505a076a80b9063ba6d33758d3ec66d7253591e0834ec4e90b911cc0615b05fb7d4d6e66d3ab5aa7f0ef5d197ebaa9

  • SSDEEP

    1536:Fa5C7MKLKetgqr6HtarNaP+Zf70dnuBXxJ3ZnQiF/Kku:KCYvzarIRluLnp0ku

Score
10/10
asyncratdefaultevasionexecutionransomwarerattrojan

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

qqbbltrgyug

Attributes
  • delay

    3

  • install

    false

  • install_file

    wsappx.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/VPdbUMTj

aes.plain

Targets

    • Target

      MonkeModManager-x64.bat

    • Size

      82KB

    • MD5

      95e787e067cc510309e9923ea23faa6e

    • SHA1

      5d7b2761b524838ee5924859d6d76aa027d4f19e

    • SHA256

      2e7f39603dfb1568c97a8617d3fb214593c3ef2cc4091d0998fe9fb01ffa3176

    • SHA512

      3a8d5803e2ad459004217679d644832007505a076a80b9063ba6d33758d3ec66d7253591e0834ec4e90b911cc0615b05fb7d4d6e66d3ab5aa7f0ef5d197ebaa9

    • SSDEEP

      1536:Fa5C7MKLKetgqr6HtarNaP+Zf70dnuBXxJ3ZnQiF/Kku:KCYvzarIRluLnp0ku

    Score
    10/10
    asyncratdefaultevasionexecutionransomwarerattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • UAC bypass

      evasiontrojan

    • Async RAT payload

      rat

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Modifies Windows Firewall

      evasion

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Process Discovery

1
T1057

Query Registry

2
T1012

System Information Discovery

5
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Tasks