General

  • Target

    6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.exe

  • Size

    204KB

  • Sample

    240805-btl9mawhjh

  • MD5

    d6c3e22a2d260e9124481f4a82278da5

  • SHA1

    151167da902148943ba8554fab4331d82ec8b150

  • SHA256

    6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e

  • SHA512

    11f92b994434c43c0a2393e1347b4b96ad00be36ade16b16860b1fed65d76a7a5d9ef35019092ea37db3f841b66bf5b8ca1187ba84cb63d22d95057439d7b967

  • SSDEEP

    3072:60U2cxq3O6PMV9iFTH1bRGAgxy1QhWwfBtOEp7ybMj/0vU7yZED+CDgbB+Y:xDO6PMVQVbjgxkoW6mEpmbMjgU7yZf8

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Mutex

server.underground-cheat.xyz

Attributes
  • delay

    1

  • install

    true

  • install_file

    WinUpdate.exe

  • install_folder

    %AppData%

aes.plain
1
lzMl2lRljyuwhB6QkjOAYs34LynwEPdI

Targets

    • Target

      6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15
