General
Target: Proforma invoice of dated 17072024.tar.gz
Size: 818KB
Sample: 240717-rn847svarm
MD5: c4028366b4413830be3db38366a02c22
SHA1: afafa404a043a64b64f5d7b9d6a55ae5294542fe
SHA256: 6ea039f9cb0f8d34b93c20e87504014cc44ebf546587fe6cfeca76fe624aa1e9
SHA512: 83d740f2d2affbd4d09c998df9eb552b553e46bf653b4dad28b0d390c1fda62401cb92d9e394b08daf26d0f949752bf4e74dac62a4fc9b07311ba92df3762c12
SSDEEP: 24576:5VJypvLXTe0PoIzE8lOVXz8Vmt0T5o4z91jvVS:HkJje5OE9VwVBTa4R1DVS

Static task: static1

Behavioral task: behavioral1
Sample: Proforma invoice of dated 17072024.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: Proforma invoice of dated 17072024.exe
Resource: win10v2004-20240709-en

Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
194.55.186.155:2424
qncatmcnnrwluo
delay: 1
install: false
install_folder: %AppData%

Targets
Target: Proforma invoice of dated 17072024.exe
Size: 1009KB
MD5: 5879893dab2a56f6eb3aecbc82f92012
SHA1: 77df5124aff9e2fdcb671f98e269e6177ac5acda
SHA256: 003a945d2e248c12dd520fe056a88779dfba87cd22a92ad98afa3fc955f5e01f
SHA512: 528161ef99eefeeba35556c707a2da026142c7ca1637ecdaee39fb094d1724c332424a0df251534dce0c2bdd53c4b229db643a6da980f2eaff8a152b0dadb5bf
SSDEEP: 24576:+N/BUBb+tYjBFHOcmAvdq06U9RTs0bydWy2CZ/b8qQ8:WpUlRhOc/006Awjd9
Score: 10/10

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext