General
- Target: 2024-06-05_cf2c045158465409ed7894c1205a0965_megazord
- Size: 5.7MB
- Sample: 240605-sgvhxaad3t
- MD5: cf2c045158465409ed7894c1205a0965
- SHA1: ec83f34bf16b04a4153372805b4c4b85dbdc3918
- SHA256: cf1cd7546ffb11e23e5827b84476e8132858ffa91d9e9bb42d2c037ed66bea72
- SHA512: 7d5b46283085aea14828af16b44c006f4d719145f5d3eec6d5a8c00b1ea8fabd2fa939bdc085d17be2d92c7d7f0b6e491eed74026c500c0aa878d16644b85b12
- SSDEEP: 49152:BKq86OpuluzvyO3p2i6uwu0xaD9Cb2jBkYhPeTnxdLeW7mfcHaxXHvhgFNRpOusj:m58CE2HSFBdOVS9Nwp
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-05_cf2c045158465409ed7894c1205a0965_megazord.exe
Resource: win7-20240419-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Default
45.80.158.48:4449
qeuojzelsqkk
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: 2024-06-05_cf2c045158465409ed7894c1205a0965_megazord
- Size: 5.7MB
- MD5: cf2c045158465409ed7894c1205a0965
- SHA1: ec83f34bf16b04a4153372805b4c4b85dbdc3918
- SHA256: cf1cd7546ffb11e23e5827b84476e8132858ffa91d9e9bb42d2c037ed66bea72
- SHA512: 7d5b46283085aea14828af16b44c006f4d719145f5d3eec6d5a8c00b1ea8fabd2fa939bdc085d17be2d92c7d7f0b6e491eed74026c500c0aa878d16644b85b12
- SSDEEP: 49152:BKq86OpuluzvyO3p2i6uwu0xaD9Cb2jBkYhPeTnxdLeW7mfcHaxXHvhgFNRpOusj:m58CE2HSFBdOVS9Nwp
- Detects executables attempting to enumerate video devices using WMI
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Suspicious use of SetThreadContext