General

  • Target

    WindowsDesktopGraphics.exe

  • Size

    74KB

  • Sample

    240601-s4smtsgd84

  • MD5

    33f354fd83e3b7cfc9dec200a8cee01d

  • SHA1

    43cc469faf3e45ea118af98a4bea80e68946b542

  • SHA256

    130d9a370a0719f5012e4f12ae8e023b40cc80357ac235f9bed60bfd7acf9297

  • SHA512

    c2551ebf93a6719896d486440409bbea60c166e26fc21a622b869bcf5041225643aa5c35d108e12fe857a893e1fe21e9238d556b586f93927cc7339b716abdf9

  • SSDEEP

    1536:cnUiwcxea0CTmPMVHbYn+IYH1bw/HkQzcuLVclN:cnUjcxeFImPMVHbYgH1bwcQnBY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

10.8.3.238:59656

Mutex

ewrxangf8ytS^T^WDRgsudwfg

Attributes
  • delay

    1

  • install

    true

  • install_file

    windowsdesktopgraphics.exe

  • install_folder

    %AppData%

aes.plain

Targets


    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks