Overview

overview

10

Static

static

3

F-M-E V2 @RFREE.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    F-M-E V2 @RFREE.exe

  • Size

    1001KB

  • Sample

    240713-wbpx1sshme

  • MD5

    20f79abbb22e4ce80d8d91347945472b

  • SHA1

    5decdd32943e35c11e89d60aa359be115179b732

  • SHA256

    c1dc64a3e60375c031e62f0e04c48817752d67f55a047aa62a3058052067f6a9

  • SHA512

    3cbfbd778ded7f8fb07129664ec4d0672603088edc717e671970bd222c989625a126f5f8a7658f4b343cce3cf48597ef81f32d7349c2b993a65778158d8994d4

  • SSDEEP

    24576:QWmAu6LxlLQKjgl72Dyhg+XddI3rkbCTkQHwqgzJvAH:dLLDkogl72mRXEbqkkQH2o

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xdatarfree.ddns.net:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      F-M-E V2 @RFREE.exe

    • Size

      1001KB

    • MD5

      20f79abbb22e4ce80d8d91347945472b

    • SHA1

      5decdd32943e35c11e89d60aa359be115179b732

    • SHA256

      c1dc64a3e60375c031e62f0e04c48817752d67f55a047aa62a3058052067f6a9

    • SHA512

      3cbfbd778ded7f8fb07129664ec4d0672603088edc717e671970bd222c989625a126f5f8a7658f4b343cce3cf48597ef81f32d7349c2b993a65778158d8994d4

    • SSDEEP

      24576:QWmAu6LxlLQKjgl72Dyhg+XddI3rkbCTkQHwqgzJvAH:dLLDkogl72mRXEbqkkQH2o

    Score
    10/10
    asyncratvenom clientsrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks