General

  • Target

    edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e.exe

  • Size

    2.6MB

  • Sample

    241114-dv4leaxmhm

  • MD5

    e8285f01dff90fca4b37d4df7da03c4b

  • SHA1

    fb19156b1aab033ed8b5212821a8b039a2c363d9

  • SHA256

    edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e

  • SHA512

    f39a69d1c546adb1ba1b744d02bc6407e36c51396d825c03957b584ac22ce1a0b21846a9181e57cb186d34d40cb32bed2662e0bf2caca1bd99f74ee457154a0d

  • SSDEEP

    49152:862EA6E97H+leX14OKwpGpKqYygbN3+3+C+m32sBHEAdpvQKQKd719O03WMl:862nJIO14OKT12Out22sBHXIKQe7e0x

Malware Config

Targets

    • Target

      edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e.exe

    • Size

      2.6MB

    • MD5

      e8285f01dff90fca4b37d4df7da03c4b

    • SHA1

      fb19156b1aab033ed8b5212821a8b039a2c363d9

    • SHA256

      edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e

    • SHA512

      f39a69d1c546adb1ba1b744d02bc6407e36c51396d825c03957b584ac22ce1a0b21846a9181e57cb186d34d40cb32bed2662e0bf2caca1bd99f74ee457154a0d

    • SSDEEP

      49152:862EA6E97H+leX14OKwpGpKqYygbN3+3+C+m32sBHEAdpvQKQKd719O03WMl:862nJIO14OKT12Out22sBHXIKQe7e0x

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks