Analysis
-
max time kernel
65s -
max time network
71s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
30-09-2024 18:06
General
-
Target
Family.exe
-
Size
123KB
-
MD5
3d84114b1b545e01154f0fd09514a505
-
SHA1
6a76912c8df51b4ac632ec355ccdfc04069448d8
-
SHA256
723984ea90da0fde7d45c656f26e1196d6f933c2e47a287ab06f1d4051706e55
-
SHA512
ca55f8dfb0d861d0add789c62086b6502891da4c09476df2bdd35427addcd7482a30b7a01e89e35c0aa353fcff3f94290a37987d61b589f689ad656aa7ff22dd
-
SSDEEP
3072:btQ5N91hoocvLSZY4nBJTwjs4MU7P9KK0XAh1NAIsf:JQ5N912v+Y4B9wjs4P5L0XAH6
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
Nymeria
C2
94.232.249.235:4449
94.232.249.235:13001
Mutex
lndumyrztqffbe
Attributes
-
delay
1
-
install
false
-
install_folder
%Temp%
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Family.exe"C:\Users\Admin\AppData\Local\Temp\Family.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
136KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
88KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
472KB
-
Filesize
64KB
-
Filesize
120KB