General

  • Target

    c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0.cmd

  • Size

    82KB

  • Sample

    240524-b44lnagg5z

  • MD5

    0c9dd4a4644d5271be6bf540daccb191

  • SHA1

    452415383fd54926ce19f8f78258dc57d87c98ef

  • SHA256

    c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0

  • SHA512

    194d82615358dfc579e508768e2b2e3357069ea626cf90415f58459943a147e0c58d600091bf8840c1e06db9962ca01b3cd2cf9f1ee3d6685bd8d62a6219eab5

  • SSDEEP

    1536:cHkGj8vp9NrhTu1iCrjNk9CRsphfkA0tNJxCK9dLbw3/4cLT4H/INmxklg:cHB8nrhTu1L8CRsp+RtIK4v3nUcM

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

undjsj.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables packed with ConfuserEx Mod

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Command and Scripting Interpreter (T1059): 1

    PowerShell (T1059.001): 1

Tasks