General
-
Target
d000032653fce6a63cb46dc3d2bd11f3e5b8c7a9bc99e9ecb2d53be94ae9789a
-
Size
75KB
-
Sample
240818-xp9p1ssdmn
-
MD5
6c86e854bfcffef8c6b156ff59c5d6d3
-
SHA1
8f9bd0ba4912b99de55922c91919a4df106d2278
-
SHA256
d000032653fce6a63cb46dc3d2bd11f3e5b8c7a9bc99e9ecb2d53be94ae9789a
-
SHA512
b03618095eb784422bb3ae600784e087cc517139cdd5bb5b93ba25d9f69e1e7da844ea779b7056e5a9b5c015ca706b55b502128224804c29fab7cd6a56be1fbf
-
SSDEEP
1536:02kU8UnRCE8PMRkkUJy8jd1bK/K9Ina4kzkLLVclN:0vUJR6PMRkHJ9d1bK3a4kiBY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
109.38.143.137:8888
89.99.115.113:8888
192.168.178.69:8888
zwkzzurhbadjvo
-
delay
1
-
install
false
-
install_folder
%AppData%
Extracted
http://xcu.exgaming.click
Extracted
http://xcu5.exgaming.click
Targets
-
-
Target
d000032653fce6a63cb46dc3d2bd11f3e5b8c7a9bc99e9ecb2d53be94ae9789a
-
Size
75KB
-
MD5
6c86e854bfcffef8c6b156ff59c5d6d3
-
SHA1
8f9bd0ba4912b99de55922c91919a4df106d2278
-
SHA256
d000032653fce6a63cb46dc3d2bd11f3e5b8c7a9bc99e9ecb2d53be94ae9789a
-
SHA512
b03618095eb784422bb3ae600784e087cc517139cdd5bb5b93ba25d9f69e1e7da844ea779b7056e5a9b5c015ca706b55b502128224804c29fab7cd6a56be1fbf
-
SSDEEP
1536:02kU8UnRCE8PMRkkUJy8jd1bK/K9Ina4kzkLLVclN:0vUJR6PMRkHJ9d1bK3a4kiBY
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
VenomRAT
Detects VenomRAT.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-