Resubmissions

16-11-2024 19:18

241116-xz6fcasclh 10

16-11-2024 17:55

241116-whe2dszmgt 6

General

  • Target

    https://github.com/loxy0dev/RedTiger-Tools/releases/tag/v6.1

  • Sample

    241116-xz6fcasclh

Malware Config

Extracted

Language

ps1

Deobfuscated URLs

exe.dropper

http://xcu.exgaming.click

Extracted

Language

ps1

Deobfuscated URLs

exe.dropper

http://xcu5.exgaming.click

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

gpwqqieuizjocjlhygh

Attributes
  • delay

    1

  • install

    false

  • install_file

    Windows

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      https://github.com/loxy0dev/RedTiger-Tools/releases/tag/v6.1

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

MITRE ATT&CK Enterprise v15

Tasks