General

  • Target

    Client.exe

  • Size

    75KB

  • Sample

    241011-zysh7stflh

  • MD5

    0cc47ff18d0e3298f9beab60d3aa579e

  • SHA1

    67c3020a046707cbde4dea02352272d6e6b77189

  • SHA256

    87dc5fec26bd15e8a2d4d47a3d29b8fe43be265666770bdecfb496c77c0e3212

  • SHA512

    e0f0627aa715665a27e3b505af264c3c2500b9414764d028fa0ecba0dc979a187f75baf4f97b4793b31325dda65310d8a3e3eccfe676b1f7b13e47334b5fe5b3

  • SSDEEP

    1536:fukU0OSeCX/PMRkYKt2OlY6H1bf/i7AkzkiLVclN:fXUHjAPMRkYv4jH1bfVk7BY

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

51.254.53.24:4449

86.68.222.14:4449

Mutex

ygfmgwcmzefwhl

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://xcu.exgaming.click

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://xcu5.exgaming.click

Targets

    • Target

      Client.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • VenomRAT

      Detects VenomRAT.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Starts PowerShell.

MITRE ATT&CK Enterprise v15