General

  • Target

    c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c.cmd

  • Size

    111KB

  • Sample

    240524-b378fsgg3s

  • MD5

    934330a37a7b1380047366d135ff1423

  • SHA1

    1cadd58c7e7475277d23b924b3dac8aad567bf44

  • SHA256

    c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c

  • SHA512

    844b523cb12393b97a9807fd4b5bd9b811a7482a4d9865a0b3c7ccdce889222671f86bd87cc8a0ec25abefe62d8e33a871434114847fea58bf8bc73bc411362a

  • SSDEEP

    3072:/HPsUJ1lTMxqWITymQ57Leimw/gU0x1DzfsxciNpU3:XTWITymEeiWUxFy

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xvern429.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c.cmd

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Detects executables attempting to enumerate video devices using WMI

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.
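The two behavioural signatures above (a .cmd launcher spawning hidden PowerShell, and traffic to the extracted C2) are the cheapest things to alert on in endpoint telemetry. The following is an added detection example, not part of the sandbox report: the rule logic, the event dictionary format and the log lines are constructed for illustration, and only the indicator values (C2 host and port, mutex) are taken from the config extracted above. It flags PowerShell started with any prefix-abbreviated form of -WindowStyle Hidden (powershell.exe resolves -w, -win and -WindowStyle to the same parameter), raises severity when the parent is cmd.exe as in this sample, and matches DNS and connection events against the C2 host.

```python
"""Added detection example for this report's AsyncRAT/Venom sample.
Not part of the sandbox report: rules, event format and sample events are
constructed for illustration; only the indicator values come from the report."""
import shlex

# Indicators from the extracted config above.
C2_HOST = "xvern429.duckdns.org"
C2_PORT = 8890
MUTEX = "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC"  # for memory/string scans; not visible in process or DNS events
DYNDNS_SUFFIXES = (".duckdns.org",)           # assumption: any DuckDNS lookup merits a low-severity hit

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    """Lower-cased final path component, tolerating both slash styles."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hidden_window(cmdline: str) -> bool:
    """True if a PowerShell command line requests a hidden window.

    powershell.exe accepts unambiguous parameter prefixes, so -w, -win and
    -WindowStyle all select the same switch; the value is compared
    case-insensitively with surrounding quotes stripped."""
    toks = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps Windows quoting and backslashes
    for flag, value in zip(toks, toks[1:]):
        if len(flag) > 1 and flag[0] == "-" and "windowstyle".startswith(flag[1:].lower()):
            if value.strip('"').lower() == "hidden":
                return True
    return False


def evaluate(events):
    """Run the rules over a list of event dicts and return the alerts raised, in event order."""
    alerts = []
    for ev in events:
        kind = ev.get("type")
        if kind == "process" and _basename(ev["image"]) in POWERSHELL_IMAGES:
            if hidden_window(ev["cmdline"]):
                parent = _basename(ev.get("parent_image", ""))
                alerts.append({"rule": "powershell_hidden_window",
                               "severity": "high" if parent == "cmd.exe" else "medium",
                               "detail": f"parent={parent} cmdline={ev['cmdline']}"})
        elif kind == "dns":
            q = ev["query"].rstrip(".").lower()  # normalise a trailing FQDN dot
            if q == C2_HOST:
                alerts.append({"rule": "c2_dns_query", "severity": "critical", "detail": q})
            elif q.endswith(DYNDNS_SUFFIXES):
                alerts.append({"rule": "dynamic_dns_query", "severity": "low", "detail": q})
        elif kind == "netconn" and ev["dst"].rstrip(".").lower() == C2_HOST:
            alerts.append({"rule": "c2_connection", "severity": "critical",
                           "detail": f"{ev['dst']}:{ev.get('port')} (config port {C2_PORT})"})
    return alerts


# Constructed telemetry in the shape of Sysmon process-create / DNS / network events.
# The PowerShell stage script is not reproduced; "..." stands in for it.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'cmd.exe /c "C:\Users\victim\Downloads\c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c.cmd"'},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'powershell.exe -w hidden -nop -ep bypass -c "..."'},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process"},  # benign: no hidden window
    {"type": "dns", "query": "xvern429.duckdns.org."},
    {"type": "netconn", "dst": "xvern429.duckdns.org", "port": 8890},
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['rule']}: {a['detail']}")
```

The prefix matching is deliberate: a rule that looks only for the literal string "-WindowStyle Hidden" misses the "-w hidden" form used by most loaders. The mutex is exported because it is the stable handle for a memory scan, but no process or DNS event carries it, so it is not matched here.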

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic      Technique                           Sub-technique   Hits   ID
Execution   Command and Scripting Interpreter   -               1      T1059
Execution   Command and Scripting Interpreter   PowerShell      1      T1059.001

Tasks