General

  • Target: 1.zip
  • Size: 16.2MB
  • Sample: 240517-r4k3bacd2w
  • MD5: 7dbb004d62facaf273d1410389eb2700
  • SHA1: 5d19a3cd3e6b5361e842cc2c2bcf84dbc165c688
  • SHA256: 5734066bf76cf5274a6d830ac4fc4d12162f1c1f508ae4b1babdd27ba62fb300
  • SHA512: 462f3b471fad6f25089f01aac12581ebb509894d055abf6ff5f47ddf42a3bfa86cb845429eb19ae33c238757d737f0a6892dca8480aa9fb9e49d757fb09e0488
  • SSDEEP: 393216:tzKePO+oV0PfKtTiz8VpM+3xn8ODvEtc8HnvYvCFJ+:vO+tPfKUshn8ODvalHvYSJ+

Malware Config

Extracted

  • Family: asyncrat
  • Version: 5.0.5
  • Botnet: Venom Clients
  • C2: 5.253.84.218:7878
  • Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
  • Attributes
    • delay: 1
    • install: false
    • install_folder: %AppData%
  • aes.plain

Targets

    • Target: Tax documents PDF.exe
    • Size: 31KB
    • MD5: 4db45c5fdb9e115b922bdf007523f082
    • SHA1: 90297382a170ff3ea7931db2425329d0b2f70f04
    • SHA256: a73709c1b5f1f875ee35f477c4e263a57050c36e2cff31ad1ceca17d9623e7cd
    • SHA512: 7f0bcb2ee96c523cce764d1ec7d197d3aadddcf6fae71b63e88c3a26883b2f2fb4a446187adfbb023be779056ebc0ea50a785c72bbe97bb7dca41a810d0ff6c7
    • SSDEEP: 384:V4Kj/M8y6ryzqEt7a9Oey+IFdP64VYaEwDtiBgxoxlnLr2STchsCxXBhgBx4eMDg:VHDXr+VWOV+csoHViBBn+hRIqeMDGt

    • AsyncRat: AsyncRAT, written in C#, is designed to remotely monitor and control other computers.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

    • Target: g2m.dll
    • Size: 44.7MB
    • MD5: 800ea3a241461649e1bda3aac6854335
    • SHA1: 111f1fc6b3d58328e8799b5c93a60b9586580166
    • SHA256: e0f8597fbde807a20dd853711c5cfda779eb18d389277c4a2db63948202723f7
    • SHA512: 2aa8dc19e1310f8352af25b5de6da5783da5235847a1a8c8bf15aafc83f9fc6ef207ab25d0075aa858311abb681d82e921eb17a7d0af9f02451d5cf7c5d761af
    • SSDEEP: 786432:rUP7GCGO7t0Srkx/tC0SzIdSwh/WxbpNHQD3trzRp2:rUP7GCG6iSrkx1hSzYsHQD3t/Rk

    • AsyncRat: AsyncRAT, written in C#, is designed to remotely monitor and control other computers.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks