General

  • Target

    vm.zip

  • Size

    290KB

  • Sample

    240727-qpgkxavblb

  • MD5

    8090d3ff2bf334b750478761c31bf25e

  • SHA1

    ec048b210369dd140be8ed66d07ac4466ab5f7e4

  • SHA256

    63b0e303a05ad2eb2a93e2f9cd96e50361cf1e0d29f9cab8b0a98d1185347f8a

  • SHA512

    dfbbb3468c2012bdf920b8c09dfdb655f3e1369ea9465228e505f1d1de3aef9ec9757d7b501c4091c3ff7859f57d2ca646430b4e5cf0e5292ab602b0fb28f654

  • SSDEEP

    6144:/3eshJ2mAOSiLZh4CPIKBZW7ZN7o8PDj6QN9Q1xipM8QHxwM4Dngzi:feshYbDi1OwDW9Ns8PDjxQ1x8MjR6Dnz

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.2

Botnet

Default

C2

94.156.79.190:4449

193.222.96.24:4449

Mutex

aqswvfsywrpgi

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      g2m.dll

    • Size

      389KB

    • MD5

      640c7c7efae54cc8db95b07151c1e70d

    • SHA1

      f5b6b37f8940a558cd0c4a5bc5bd8a668a4e61aa

    • SHA256

      e9f6dc3f1bd84642326784c7eb700125b548aa9522ad35eaf36903fbb1b5650e

    • SHA512

      694273fec690b2751a36b964679d3df58a4a66689bb507db20a0beef743f983b36a46589d6642eef1e625478d523186d84436028e23c833a601908d9cade73a9

    • SSDEEP

      6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4

    • Score

      3/10

    • Target

      runvm.bat

    • Size

      49B

    • MD5

      1ab4dc21dcb24f5b7345ce5c0b794b82

    • SHA1

      18f722ad31ee9d81181f8ca2cef60a70b03bb030

    • SHA256

      ac2103023d146e62c3b708384ae0ed044d17258901272068ef93c15c9f5aa06e

    • SHA512

      83f1d566b8f5b7875811762433cf7c2722225c789a3b917b2c4184a442d9d6af9c6fe703ce354d223824cfe8ed86e6e7780ec02008c093298fbcd3c08840dbdd

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      vm.exe

    • Size

      39KB

    • MD5

      f1b14f71252de9ac763dbfbfbfc8c2dc

    • SHA1

      dcc2dcb26c1649887f1d5ae557a000b5fe34bb98

    • SHA256

      796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5

    • SHA512

      636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0

    • SSDEEP

      768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload
