General

  • Target

    2024-05-26_871fa13b7d0843b7625ee3dc5f4fe4db_hiddentear

  • Size

    204KB

  • Sample

    240526-b19cqsab7y

  • MD5

    871fa13b7d0843b7625ee3dc5f4fe4db

  • SHA1

    f22e5898e6bbb26c81aedda6bde0ba91959a19b8

  • SHA256

    91a3b2c8074fe3cd2fc0ae4b8f244e244f54e5ed51018e1b3b61907a1f2f160b

  • SHA512

    0112b413f06cf7a8d805c27f83c3a5d511db110ddd218ea7a175778d3bb73b1b7c49b8bf2c80bdef38abe5df7971c6a882251f44e0a57857f852583377604f79

  • SSDEEP

    3072:SdFHdppuOf+wMSHjnywM0vY9t8Qkh+nWM+lmsolAIrRuw+mqv9j1MWLQryn:uFPMOf+wMAywM0EJksn1+lDAA1n

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

C2

65.2.185.165:4449

Mutex

threugritegfjfd

Attributes
  • delay

    1

  • install

    true

  • install_file

    gturjdysfuidjsjttsydjstta se fukofuhddjjfidsu.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-05-26_871fa13b7d0843b7625ee3dc5f4fe4db_hiddentear

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Detects executables attempting to enumerate video devices using WMI

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
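
The following Python is an added example, not part of the sandbox report or of the AsyncRAT code base. It takes the C2 address, install folder and install file name from the extracted config above and the behaviours listed in the signatures (hidden-window PowerShell, dropped EXE written to %AppData% and then executed, connection to the C2) and runs them as a matcher over Sysmon-style events. The event field names (EventID, Image, CommandLine, TargetFilename, DestinationIp, DestinationPort) follow Sysmon's schema, and the sample events are constructed for illustration; they are not telemetry from the report. The mutex is deliberately not matched here because Sysmon does not record mutex creation, so that indicator is one to check on a live host.

```python
import re

# Indicators copied from the extracted config in the report.
C2_HOST, C2_PORT = "65.2.185.165", 4449
INSTALL_FILE = "gturjdysfuidjsjttsydjstta se fukofuhddjjfidsu.exe"

# %AppData% expands to <profile>\AppData\Roaming on a default Windows install.
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE)
# powershell.exe accepts abbreviated switches, so -w, -win and -WindowStyle all set the window style.
HIDDEN_PS_RE = re.compile(r"(^|\s)-w[a-z]*\s+hidden(\s|$)", re.IGNORECASE)


def _is_install_file(path: str) -> bool:
    """True when the path is the configured install file inside %AppData%."""
    return bool(APPDATA_RE.search(path)) and path.lower().endswith("\\" + INSTALL_FILE.lower())


def match_event(ev: dict) -> list:
    """Return the names of the report behaviours that a single Sysmon-style event matches."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation
        image = ev.get("Image", "")
        if image.lower().endswith(("powershell.exe", "pwsh.exe")) and HIDDEN_PS_RE.search(ev.get("CommandLine", "")):
            hits.append("powershell_hidden_window")
        if _is_install_file(image):
            hits.append("executes_dropped_exe")
    elif eid == 3:  # network connection
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append("asyncrat_c2")
    elif eid == 11:  # file created
        if _is_install_file(ev.get("TargetFilename", "")):
            hits.append("install_file_dropped")
    return hits


def scan(events: list) -> list:
    """Run match_event over a list of events and return (event index, behaviour) pairs."""
    return [(i, h) for i, ev in enumerate(events) for h in match_event(ev)]


# Constructed sample events (assumption: Sysmon field names), not telemetry from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -w hidden -ep bypass -c "Start-Sleep 1"'},
    {"EventID": 11,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\gturjdysfuidjsjttsydjstta se fukofuhddjjfidsu.exe"},
    {"EventID": 1,
     "Image": r"C:\Users\alice\AppData\Roaming\gturjdysfuidjsjttsydjstta se fukofuhddjjfidsu.exe",
     "CommandLine": '"gturjdysfuidjsjttsydjstta se fukofuhddjjfidsu.exe"'},
    {"EventID": 3, "DestinationIp": "65.2.185.165", "DestinationPort": 4449},
    # Same host on another port: not the configured C2, so no hit.
    {"EventID": 3, "DestinationIp": "65.2.185.165", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for idx, behaviour in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {behaviour}")
```

The C2 match is intentionally on host and port together: the report gives 65.2.185.165:4449, and matching on the IP alone would also flag unrelated traffic to the same host. The file and process rules compare the full file name, including its embedded spaces, because the builder-chosen install name is the most specific artifact this configuration leaves on disk.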

MITRE ATT&CK Enterprise v15

Tasks