General
-
Target
OTPBOT.exe
-
Size
16.7MB
-
Sample
240807-thnbna1aln
-
MD5
d76d4061a38546dda1d9748588b75f18
-
SHA1
adbcd8ada656dddd3809bdd8061f59fbb53351bd
-
SHA256
7c833f195a6be1c64c85cca8f227f0226726609bc564f9577ef81924aa99c1b4
-
SHA512
f4cdfe95be590c55fd32fcaf711961ab67fcee8dcceeb44bf8cb4e6e2208b207073ba7a329a843ac1d63d5f5a2d8fae78dc2043afc4b2829757246c05eff7fb1
-
SSDEEP
393216:Ib7D+eNMC7Z61Kqm/1MpfnZ0ZjupISFOxcyUVBWABkgr0:U/mCNoZm9ML05ualxc0E
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
10.0.2.15:9090
10.0.2.15:52033
147.185.221.19:9090
147.185.221.19:52033
wbrjnemduvixdculy
-
delay
1
-
install
true
-
install_file
steam.exe
-
install_folder
%AppData%
Targets
-
-
Target
OTPBOT.exe
-
Size
16.7MB
-
MD5
d76d4061a38546dda1d9748588b75f18
-
SHA1
adbcd8ada656dddd3809bdd8061f59fbb53351bd
-
SHA256
7c833f195a6be1c64c85cca8f227f0226726609bc564f9577ef81924aa99c1b4
-
SHA512
f4cdfe95be590c55fd32fcaf711961ab67fcee8dcceeb44bf8cb4e6e2208b207073ba7a329a843ac1d63d5f5a2d8fae78dc2043afc4b2829757246c05eff7fb1
-
SSDEEP
393216:Ib7D+eNMC7Z61Kqm/1MpfnZ0ZjupISFOxcyUVBWABkgr0:U/mCNoZm9ML05ualxc0E
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
VenomRAT
Detects VenomRAT.
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1