General

  • Target: CryptoJacker.exe
  • Size: 10.6MB
  • Sample: 240623-v53wasxhnb
  • MD5: d8a30735aa4702e200ed432d223c3ad8
  • SHA1: fa144148c226a9d08e1d1179cfa60597d4f08cac
  • SHA256: 24aeb855ead570407cef3835b4e5ac516e9ec8dd1d0105662727e4f12082b3d2
  • SHA512: cbc030dd159172c2448554393caeb8b0c910d302dec1edc3a719c47be01bb90a4c243d1d15f0cbfebaf0e016cebec7e5c173c4d5cdd27ffdb557716f2071014a
  • SSDEEP: 196608:g0Kn9PL3A8tKCn4bwcfAjSNgeQ4ZhseG0j73cQIqW3yiFoNWpPm4Q:/KnZQ4n4Z5Ve0PJIf3rFXdm4Q

Malware Config

Extracted

  • Family: asyncrat
  • Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
  • Botnet: Default
  • C2:
      10.0.2.15:9090
      10.0.2.15:52033
      147.185.221.19:9090
      147.185.221.19:52033
  • Mutex: yigdzohbebyxyvvzbc

Attributes
  • delay: 1
  • install: true
  • install_file: Steam.exe
  • install_folder: %AppData%

aes.plain

Targets

    • Target: CryptoJacker.exe

    • AsyncRat: AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.
    • Async RAT payload
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

Execution
  • Command and Scripting Interpreter (T1059): 1
    • PowerShell (T1059.001): 1
  • Scheduled Task/Job (T1053): 1
    • Scheduled Task (T1053.005): 1

Persistence
  • Scheduled Task/Job (T1053): 1
    • Scheduled Task (T1053.005): 1

Privilege Escalation
  • Scheduled Task/Job (T1053): 1
    • Scheduled Task (T1053.005): 1

Discovery
  • System Information Discovery (T1082): 2
  • Query Registry (T1012): 2

Tasks