General

  • Target

    5.exe

  • Size

    1.8MB

  • Sample

    240926-r41srsseql

  • MD5

    8c9c35191068974382d0637e4ef4af43

  • SHA1

    a00ac4856e32c4a836d6ca050ddaf745de8cee61

  • SHA256

    0f80bb8d09855e63b1c7ee2b16831885827c255e757d73106791d09ec3fd94f1

  • SHA512

    610502b61500c1ecbeb6539a1b60fd4009b777029233b0a80453ee93ce1b6b286f944a0dc1bbad1665eceb8a33ca6ea2a2e2ca54d0fb4c6745b71ef03fcdb50f

  • SSDEEP

    49152:n2EYTb8atv1orq+pEiSDTj1VyvBa44yHdBvAnOx30KlhY33lSYHEz/N:2XbIrqabvAn043UYH

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://www.montereal.com.pe/INV3294331887.txt

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT + HVNC + Stealer + Grabber v6.0.3

  • Botnet

    Default

  • C2

    91.92.240.191:4449

    91.92.240.191:2025

  • Mutex

    xpexpmibjcreztb

  • Attributes

    • delay

      1

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      5.exe

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks