General

  • Target

    0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1.lnk

  • Size

    2KB

  • Sample

    240712-gsk8ts1elk

  • MD5

    7e7b20e421442d74655685583b4036de

  • SHA1

    cf936b1fe122c6a5029c07a64a0f8674b31464af

  • SHA256

    0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1

  • SHA512

    e58df7f695e08bc57c30a518f35c84b9ab70597696d579291b12c2534a06b24018920cd09f4a0652dcca9791eca207646e4ce38f03bf3650c093a8db9ffe9318

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

64.112.85.3:4449

Mutex

ufaaryvntrlyhwcwq

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
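The extracted config is directly actionable for hunting. The script below is an added example (not part of the sandbox report) that turns the C2, mutex and install-folder values above into checks and runs them over a handful of constructed Sysmon-style events. Only the CONFIG values come from the report; the EVENTS list, the process image paths in it, and the Startup-folder heuristic (the report says "Drops startup file" but gives no path) are assumptions made for illustration.

```python
"""Hunting checks derived from the extracted AsyncRAT/VenomRAT config, run over
constructed Sysmon-style events.  Added example: CONFIG is copied from the report,
EVENTS and the Startup-folder heuristic are made up for illustration."""
import ipaddress

CONFIG = {                      # copied from the Malware Config section above
    "family": "asyncrat",
    "version": "Venom RAT + HVNC + Stealer + Grabber v6.0.3",
    "c2": ["64.112.85.3:4449"],
    "mutex": "ufaaryvntrlyhwcwq",
    "install": False,
    "install_folder": "%AppData%",
}

# Constructed Sysmon-like events (EventID 1 ProcessCreate, 3 NetworkConnect, 11 FileCreate).
# Image paths and timestamps are invented; they are not telemetry from the sandbox run.
EVENTS = [
    {"EventID": 1, "UtcTime": "2024-07-12 06:41:10", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -w hidden -ep bypass -c "Start-Sleep 1"'},
    {"EventID": 11, "UtcTime": "2024-07-12 06:41:12",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"EventID": 3, "UtcTime": "2024-07-12 06:41:15", "Image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "DestinationIp": "64.112.85.3", "DestinationPort": 4449},
    {"EventID": 3, "UtcTime": "2024-07-12 06:41:16", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "64.112.85.3", "DestinationPort": 443},   # same host, other port
    {"EventID": 1, "UtcTime": "2024-07-12 06:42:00", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Date"},               # visible window, not from Explorer
]


def parse_c2(entry: str):
    """Split 'host:port'; this config only carries an IP, so a hostname raises."""
    host, _, port = entry.rpartition(":")
    return str(ipaddress.ip_address(host)), int(port)


def hunt(events, config=CONFIG):
    """Return one hit dict per event that matches a config-derived check."""
    c2_pairs = {parse_c2(e) for e in config["c2"]}
    c2_hosts = {host for host, _ in c2_pairs}
    hits = []

    def hit(ev, severity, reason):
        hits.append({"time": ev["UtcTime"], "image": ev["Image"],
                     "severity": severity, "reason": reason})

    for ev in events:
        eid = ev["EventID"]
        if eid == 3:
            pair = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if pair in c2_pairs:
                hit(ev, "high", f"connection to configured C2 {pair[0]}:{pair[1]}")
            elif pair[0] in c2_hosts:   # exact port mismatch: worth a look, lower confidence
                hit(ev, "low", f"connection to C2 host {pair[0]} on unexpected port {pair[1]}")
        elif eid == 1:
            cmd = ev["CommandLine"].lower()
            hidden = any(m in cmd for m in ("-w hidden", "-win hidden", "-windowstyle hidden"))
            # A double-clicked .lnk is launched by Explorer, so that parent is the interesting one.
            if (ev["Image"].lower().endswith("\\powershell.exe") and hidden
                    and ev["ParentImage"].lower().endswith("\\explorer.exe")):
                hit(ev, "medium", "hidden-window PowerShell spawned by Explorer")
        elif eid == 11 and "\\start menu\\programs\\startup\\" in ev["TargetFilename"].lower():
            hit(ev, "medium", f"file written to Startup folder: {ev['TargetFilename']}")
    return hits


def mutex_matches(observed, config=CONFIG):
    """Match kernel object names (e.g. from a handle listing) against the config mutex."""
    return [m for m in observed if m.rsplit("\\", 1)[-1] == config["mutex"]]


if __name__ == "__main__":
    for h in hunt(EVENTS):
        print(f'{h["time"]} [{h["severity"]}] {h["image"]}: {h["reason"]}')
```

The exact ip:port pair is the high-confidence indicator; a connection to the same host on another port is reported at low severity so that shared hosting does not page anyone. The mutex check is separate because Sysmon does not log mutex creation; feed it the output of a handle or memory-forensics tool.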

Targets

    • Target

      0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1.lnk

    • Size

      2KB

    • MD5

      7e7b20e421442d74655685583b4036de

    • SHA1

      cf936b1fe122c6a5029c07a64a0f8674b31464af

    • SHA256

      0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1

    • SHA512

      e58df7f695e08bc57c30a518f35c84b9ab70597696d579291b12c2534a06b24018920cd09f4a0652dcca9791eca207646e4ce38f03bf3650c093a8db9ffe9318

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Suspicious use of SetThreadContext
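The target is a 2KB .lnk that launches PowerShell with a hidden window, so the first triage step is to pull the launch details out of the shortcut itself rather than detonate it. The parser below is an added example (not code from the report or the sandbox): it reads the ShellLinkHeader and StringData sections of the MS-SHLLINK format and flags the traits a PowerShell-launching shortcut shows. The .lnk it builds is synthetic; the report does not show the real sample's command line, so the placeholder arguments are an assumption and deliberately harmless.

```python
"""Parse the ShellLinkHeader and StringData of a Windows .lnk (MS-SHLLINK) and
flag dropper-style traits.  Added example; build_sample_lnk() emits a synthetic
shortcut and is not the 2KB sample from this report."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HEADER_FMT = "<I16sIIQQQIIIHHII"   # HeaderSize .. Reserved3, 76 bytes
HEADER_SIZE = struct.calcsize(HEADER_FMT)

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]      # fixed order in the file
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}


def _string_data(text: str) -> bytes:
    """StringData entry: CountCharacters (u16) then UTF-16LE chars, no terminator."""
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")


def build_sample_lnk(relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                     arguments='-WindowStyle Hidden -NoProfile -Command "Start-Sleep 1"',
                     show_command=7) -> bytes:
    """Constructed shortcut with no IDList/LinkInfo, only the StringData a launcher needs.
    The default arguments are a harmless placeholder, not the real sample's command line."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(HEADER_FMT, HEADER_SIZE, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return (header + _string_data(relative_path)
            + _string_data(r"C:\Windows\System32") + _string_data(arguments))


def parse_lnk(data: bytes) -> dict:
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    (hsize, clsid, flags, _attrs, _ct, _at, _wt, fsize, _icon,
     show, _hk, _r1, _r2, _r3) = struct.unpack_from(HEADER_FMT, data, 0)
    if hsize != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (u16) followed by the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (u32) includes itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags, "file_size": fsize, "show_command": show,
            "show_command_name": SHOW_COMMANDS.get(show, f"0x{show:x}")}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {name}")
        info[name] = raw.decode("utf-16-le" if unicode else "cp1252", errors="replace")
        off += nbytes
    return info


def assess_lnk(info: dict) -> list:
    """Heuristics for a dropper-style shortcut; each finding is one reason string."""
    findings = []
    if info["show_command"] == 7:
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE: window starts minimised and inactive")
    launcher = f"{info.get('relative_path', '')} {info.get('arguments', '')}".lower()
    if "powershell" in launcher or "pwsh" in launcher:
        findings.append("target is PowerShell")
    if any(m in launcher for m in ("-w hidden", "-win hidden", "-windowstyle hidden")):
        findings.append("PowerShell window hidden via -WindowStyle Hidden")
    if "-enc" in launcher:                       # -enc, -encodedcommand and prefixes in between
        findings.append("encoded command supplied")
    return findings


if __name__ == "__main__":
    info = parse_lnk(build_sample_lnk())
    print(info["show_command_name"], info["relative_path"], info["arguments"])
    print(assess_lnk(info))
```

Run it against a real shortcut with parse_lnk(open(path, "rb").read()). ShowCommand 7 (SW_SHOWMINNOACTIVE) is the value shortcut builders use to keep the console from flashing up, and it is a cheap header-only check that works even when the arguments are obfuscated; combine it with the target and argument strings before deciding anything.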
