General

  • Target

    3c0b94f379c5c568f8f3d406b22b642d3fae60094f8dffbf2e24c87c8435e0a6.exe

  • Size

    492KB

  • Sample

    240628-bn55jswakr

  • MD5

    053aac08d444d91ab5fc8aa01dd11e8f

  • SHA1

    5a53b00c9d6c138e728888fe2497c109a3b2fe55

  • SHA256

    3c0b94f379c5c568f8f3d406b22b642d3fae60094f8dffbf2e24c87c8435e0a6

  • SHA512

    25e1c6115dc72cc1ddc4bd1764a3981729ff9205bd033bff86983c5ed669282bad6beddf949561716d6f7769de0341df3046682f51309fd34bfa7f8bc1291e2d

  • SSDEEP

    12288:1J24XbCawVXX6yznKlnndQJpDyw6zLeJ4VZxdkR:hwpXPnOdQHB6zLew7A

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

194.55.186.155:2424

Mutex

qncatmcnnrwluo

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables packed with SmartAssembly

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks