General
-
Target
Bot.rar
-
Size
16.3MB
-
Sample
240719-wy8zeaxekb
-
MD5
4d4e496a1767ff35798fa6dcb62020c6
-
SHA1
c4a6abb07705d6fdecdcd126bc60b7dc6617f8f0
-
SHA256
6b21c5b53198967f49dda5d8b79e06bfd1ac72ca4c362bbdbc7a58cf2a5de9af
-
SHA512
5d1f66b5e1df4e019fa14564cf477e0cc105c2a9611b7807c7e2444782f6183ce97828f980b08856268634ed4f946af1b0d4f94d99780445864aeef7645fdab2
-
SSDEEP
393216:9m3jAlqrWUIyB1mdnKQO5dEhLN8DDifhAz90hXIPoO8I/n:qrdII1mhKfghLNfEOGPosf
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
10.0.2.15:9090
10.0.2.15:52033
147.185.221.19:9090
147.185.221.19:52033
wbrjnemduvixdculy
-
delay
1
-
install
true
-
install_file
steam.exe
-
install_folder
%AppData%
Targets
-
-
Target
OTPBOT.exe
-
Size
16.7MB
-
MD5
d76d4061a38546dda1d9748588b75f18
-
SHA1
adbcd8ada656dddd3809bdd8061f59fbb53351bd
-
SHA256
7c833f195a6be1c64c85cca8f227f0226726609bc564f9577ef81924aa99c1b4
-
SHA512
f4cdfe95be590c55fd32fcaf711961ab67fcee8dcceeb44bf8cb4e6e2208b207073ba7a329a843ac1d63d5f5a2d8fae78dc2043afc4b2829757246c05eff7fb1
-
SSDEEP
393216:Ib7D+eNMC7Z61Kqm/1MpfnZ0ZjupISFOxcyUVBWABkgr0:U/mCNoZm9ML05ualxc0E
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Async RAT payload
-
Suspicious Office macro
Office document equipped with macros.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1