General

  • Target

    609e38e067e3a764cb62d60c911b42d8c617c9ce622afdc308fe09327e248d9c.zip

  • Size

    2.0MB

  • Sample

    240914-bx1w7azejp

  • MD5

    45dc1c7001860dcf9693c5ffc58ef592

  • SHA1

    d76e7523c2965dd846a89f5922070cd09d26a8ef

  • SHA256

    609e38e067e3a764cb62d60c911b42d8c617c9ce622afdc308fe09327e248d9c

  • SHA512

    fa49fd15981006a5f95dc005bd6c2cd645ef9db98f2afb082d88856849f58b2da7e34709283a3610ff6904d4eafe86418b895dde6a993f87eccded098f19fc1c

  • SSDEEP

    49152:DhHUWZzAjo7WtlkAdgagDcKAamsloQGgFhatjv1er0Z/gLyar9Oj8g8V:+WZzCTl5bgDNAarl1Oj9eQKfy8L

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT + HVNC + Stealer + Grabber v6.0.2

  • Botnet

    Default

  • C2

    41.216.183.109:4449

  • Mutex

    eqrgkllk45thea

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      c19e9e6a4bc1b668d19505a0437e7f7e

    • SHA1

      73be712aef4baa6e9dabfc237b5c039f62a847fa

    • SHA256

      9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82

    • SHA512

      b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de

    • SSDEEP

      49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z

    Score
    1/10
    • Target

      InjectorStarter.bat

    • Size

      167KB

    • MD5

      46d96a835e60ee73339082c3c7eb62cc

    • SHA1

      b9c668ea33db469cd1ed60bd8d31e5347975a72c

    • SHA256

      c11831adced48656b92417fa594e4037d1f42194cd134fef31f52e6cd4b35d4a

    • SHA512

      ca6705fb45e3712004702d903733cfd0dc91b63d0a41a6bb0531e18bedb6c57de8486f4e27aa8fff66c44acbcf2fad6a3b5267e9b69c144df917105e9c257497

    • SSDEEP

      3072:rKTAIOdL6ZlESFX0Wb8s7CqRa8gZbN8/Z2LfvTijJij6wTKGJWD:tlumcVb8sOqRbgA/Cf8+6Sq

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Target

      Newtonsoft.Json.dll

    • Size

      685KB

    • MD5

      081d9558bbb7adce142da153b2d5577a

    • SHA1

      7d0ad03fbda1c24f883116b940717e596073ae96

    • SHA256

      b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

    • SHA512

      2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

    • SSDEEP

      12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5

    Score
    1/10
    • Target

      bin/api-ms-win-crt-heap-l1-1-0.dll

    • Size

      12KB

    • MD5

      efbc21d545d6c4c57c6a66e836e33a32

    • SHA1

      4a4c267e2d6181f2aa71f6b3bb6904be47e06a07

    • SHA256

      48a564e05e98d10a327fdd41b1051c7407eada1530802efb470b7425ad07742c

    • SHA512

      2d9842b3bd1a8e8883202d3b0bff79440d01086d9b464f893c113eacc57171f74c7d2e003c1a15696b411fb054cdfd24cf539612deb0bc594815a7442ff1d52c

    • SSDEEP

      192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi

    Score
    1/10
    • Target

      bin/api-ms-win-crt-locale-l1-1-0.dll

    • Size

      12KB

    • MD5

      c0efc253c1cff5778cd23e62060af6a8

    • SHA1

      ea760a8bc2248f2066938e16de849a2d1cc5c539

    • SHA256

      525c9a51b70233bdca0fd0dfd61d7051615616698374cea0b3ca55b8ef5792a7

    • SHA512

      92bade19f0140a851cb9b5e6c6b1ecaaa84484d4b47ddbb91d99fd6c332a42d50abd2cd58f5de3b28851bb0910c5215a340fd4a3082b184dacc4a6b05ad6494c

    • SSDEEP

      192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n

    Score
    1/10
    • Target

      bin/api-ms-win-crt-math-l1-1-0.dll

    • Size

      20KB

    • MD5

      dcd968fb42d0ff67e82fe0ce6ff312dd

    • SHA1

      920e52ab298274fae942c5cbb478780566ce183e

    • SHA256

      a2f7fb5d09670e2d785720d07d2541d064d939f3265de725d79dbec07a953b63

    • SHA512

      bc518ef9c2c640bcad1f8d9009c4961307754ecbc4455bd543d80057d1d5707fc7f87a001539cd5f21387a69640f73b9b4b5c3e1fcc5b15cd5e0b0314a98c9cd

    • SSDEEP

      384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE

    Score
    1/10
    • Target

      bin/api-ms-win-crt-multibyte-l1-1-0.dll

    • Size

      19KB

    • MD5

      26f357ef413713c57c8f84837d1ec94e

    • SHA1

      ae2671c819a2c1be8e7412126c2d93969acadafe

    • SHA256

      9ba3c364897009cb7f9d22e656dcdea154b437d9cc2a81969ab11d72e861b491

    • SHA512

      7f288a9d5b13dd417e8501e9ef8f624c0f29cc08e39e3cdc1b3fb40b4874a975678d23afdd081870cb8935fc263115b070252fe6288400b18cb175114546ada2

    • SSDEEP

      384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7

    Score
    1/10
    • Target

      bin/api-ms-win-crt-private-l1-1-0.dll

    • Size

      63KB

    • MD5

      19efeaab6ead964abffe520f975dbdc6

    • SHA1

      c895c62d6e7c25f2e7f142905b57565d1d3210e3

    • SHA256

      c65e7b9671d7263622761d70591a5c55f47d1f745e4dde62712e9c211b50fbf3

    • SHA512

      b6ac6a4d2fc6f9d031567badee63c99bb39d35303c0b0a428740216e90d549ed6650819c96fddd873f4e4cbf18bac0a7df2d42967a4d0b19076fcf39ce443f27

    • SSDEEP

      1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM

    Score
    1/10
    • Target

      bin/api-ms-win-crt-process-l1-1-0.dll

    • Size

      12KB

    • MD5

      4142a4627d4d537389b641545dcda4ce

    • SHA1

      d05daefc74c4c089f5df7f3d2e333b2f0d2889d5

    • SHA256

      c8d3c40ea5c4ee9167c79aff577ba9598c1c95b649cb363f980fe72eb3641f56

    • SHA512

      11fff083d8e64ead33ad980c459d3661dbe3aec34ea40ad1a4d54ea996985d964c09773f027932bb544c168c3a1e37d50ed82739abbb66d1c67d809bad0fbb89

    • SSDEEP

      192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej

    Score
    1/10
    • Target

      bin/api-ms-win-crt-runtime-l1-1-0.dll

    • Size

      16KB

    • MD5

      9886ba5285ef26aa6fb093b284be99af

    • SHA1

      bdb8b82f95ce7b309d7cbe0aea4501455c2f435b

    • SHA256

      44fc35755a1865d293e8f9b61d35127474717c03cb8d5c8e400bb288d6624d0b

    • SHA512

      c1e172cc0f59da04cc5ccb44a33851f86ce47bcf308afa6521b64e5132baf52245f46a9a376dd5b922e3cf18d0339ec8b9424ff59a0b3695771c5f0e5ac59fd7

    • SSDEEP

      192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3

    Score
    1/10
    • Target

      bin/api-ms-win-crt-stdio-l1-1-0.dll

    • Size

      17KB

    • MD5

      6424969d1330de668f119587744a77dc

    • SHA1

      161d63e1b491b673f617843b66aefa506860c333

    • SHA256

      1ea135cde9495900f7d1339384f4a93dd00053796209f8d625f49c3a3d191ae4

    • SHA512

      430ef56dc7d19f2b3565fb03bfad39d7f9ed67e676fa42337021131e908f93b8442d5d231a259eb43ae08f59e19d726c55e51c2cd684fc71c3a8a30657b608b8

    • SSDEEP

      192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP

    Score
    1/10
    • Target

      bin/api-ms-win-crt-string-l1-1-0.dll

    • Size

      17KB

    • MD5

      e849abbfca44c1a5489e92e6307aa9dc

    • SHA1

      9e97d3744989f8ee8284aecca29bfd235b4edb24

    • SHA256

      11311e78b47ce86cbce9d3fba59a8cabad36874f3fe58b4be6efaaf40a5e318b

    • SHA512

      b2bf9d892db8c8b779d3c50ead5d2b275a2eeac9b9c5592e1159f6d2c04d287dd77d243af2b9ba1e507d5b1c8c21b742a85e0e2eb17f8e852176d4d31d224422

    • SSDEEP

      384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7

    Score
    1/10
    • Target

      bin/api-ms-win-crt-time-l1-1-0.dll

    • Size

      13KB

    • MD5

      57b9f090af61f408bbcf4d6a30f80c89

    • SHA1

      6ebb3353feb3885846cc68f163b903aa3d58bdfb

    • SHA256

      c2c826953847a616b59eaaa261a0c7712037691dd92df01d9b339c2ba752ef1c

    • SHA512

      4de6ec03b25c5577a8cf8809f38891c9dbea104fc3001f0a7a16e9000533426d4c65f6704816449b2a6234abb00f78462149c0a77f662a65100534a25e1c10ce

    • SSDEEP

      192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA

    Score
    1/10
    • Target

      bin/api-ms-win-crt-utility-l1-1-0.dll

    • Size

      11KB

    • MD5

      0fc56003ffa56ccbb9e7b4e361f8675f

    • SHA1

      d3b6c0efc553d058d115a20ece9b28a29dd97b6a

    • SHA256

      e85f92bab9228a9f68ed1dd45f10fd08a6e69ceb476cb2a62a2a4b43bf572c3d

    • SHA512

      dbe5cf5ce11a797e13a0628ab737d85daf67005634a5168558fd683aac8dd90962742c5f071e1be746b0bdaa5179399f49835cc5cead525a683713e3948cbae5

    • SSDEEP

      192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh

    Score
    1/10
    • Target

      bin/clrcompression.dll

    • Size

      730KB

    • MD5

      81ef5fb2e7ad2e8e39f913b316831c02

    • SHA1

      6b473546afadd7dc4e27a0d8607a0c4068cc5eeb

    • SHA256

      dfef1cf457f13abe9336baa10e4efdc8d3308d90515f62848f29c8b4ace2d4bf

    • SHA512

      1e4218a5e6bab9e35b890b7eb24d6d4c0f4614f867ffbb1a4e855bcb8af6e83b0419083300eb25229a7382df3fc4b52af0ac28e2d2976fa54abf9db510b69d52

    • SSDEEP

      12288:pTQ2AED8dhkvT6vSC1T1KPAHhlyRMh8rXTw05nmZfRm:JHAEAdLvdTMPA+pwAmZfRm

    Score
    1/10
    • Target

      bin/clretwrc.dll

    • Size

      256KB

    • MD5

      ef23741ec8ea6217d304efa5b7022f51

    • SHA1

      9da7084dd66f7bb7ce972195158b9e65bf57e993

    • SHA256

      20869b32daa8cebd87baab5c43151f0a86bab684cb2434211ee1dbaaa437141a

    • SHA512

      7596d8b452856a60dda8894033e62276b11d3efe0c844b905eda69c565b63ff44bcac9f4ae38d05e5bebe776244b4a0f4247db3908152a8086651a54edd4a50d

    • SSDEEP

      1536:Icdp32g/JEjptNiHaAXQSWyNEpv9jILpQ01/fzCI9w67:Icd/CptNiPQSVNE98ffzBGE

    Score
    1/10
    • Target

      dnlib.dll

    • Size

      1.1MB

    • MD5

      508ccde8bc7003696f32af7054ca3d97

    • SHA1

      1f6a0303c5ae5dc95853ec92fd8b979683c3f356

    • SHA256

      4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a

    • SHA512

      92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d

    • SSDEEP

      24576:WHjoaczZfdE55hHl0WQ/OO4yb99MANKtv7f2dcME:tm/BQWgww

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks