General

  • Target

    Client.exe

  • Size

    74KB

  • Sample

    240630-vag1cathjm

  • MD5

    a43b6b601b7847ce56c9c06fb89d027c

  • SHA1

    47e950515cacdfc73b3ee4a16645f40625c916e1

  • SHA256

    4d1fa4a04980a77e88dc4e9e3bcbf91f5dfe64d57fb52276f01cfac19704b459

  • SHA512

    213208c1f0e7caccb1ed9a3d59d9565549ea5f90baad127bdb8c223fb03c7b148737aac9a595f5c22fbe3de199f6ff31919f7fb6ec6aeb0f93d41ea1516e39b5

  • SSDEEP

    1536:cUKkcx9pXCTyPMVWe9VdQuDI6H1bf/CQ3QzcjMVclN:cUDcx958yPMVWe9VdQsH1bf6Q3QuOY

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

147.185.221.20:49485

Mutex

gwbhzwlfrv

Attributes

  • delay

    1

  • install

    true

  • install_file

    Discord.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Client.exe

    • Size

      74KB

    • MD5

      a43b6b601b7847ce56c9c06fb89d027c

    • SHA1

      47e950515cacdfc73b3ee4a16645f40625c916e1

    • SHA256

      4d1fa4a04980a77e88dc4e9e3bcbf91f5dfe64d57fb52276f01cfac19704b459

    • SHA512

      213208c1f0e7caccb1ed9a3d59d9565549ea5f90baad127bdb8c223fb03c7b148737aac9a595f5c22fbe3de199f6ff31919f7fb6ec6aeb0f93d41ea1516e39b5

    • SSDEEP

      1536:cUKkcx9pXCTyPMVWe9VdQuDI6H1bf/CQ3QzcjMVclN:cUDcx958yPMVWe9VdQsH1bf6Q3QuOY

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks