General

  • Target

    AWP.GG.exe

  • Size

    63KB

  • Sample

    241127-114vpayngj

  • MD5

    090fb6a455841538572f28e65abe87ad

  • SHA1

    b33bb39ecdf6216f2eb0490a1e8b0e6f9d051f56

  • SHA256

    f2f9488bf82e70695cc3a8e25e64681bcd057ccdf43aa5187a53f05f33f5c9fb

  • SHA512

    703e2bbb8819554de3f47eba85d1c3d42ebb6061a61bc5dc4314ad8ba579786b59996df1beaf0e358fb6f6987c1e238e9b2ea91030552558541a57c47cf3fe56

  • SSDEEP

    1536:YhIBLTM3Ufc0cMdQc78dgEmxwbbkwYFG+DpqKmY7:YhIBLTM3Ufc6dD7cywbbkFpgz

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

but-directive.gl.at.ply.gg:9840

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      AWP.GG.exe

    • Size

      63KB

    • MD5

      090fb6a455841538572f28e65abe87ad

    • SHA1

      b33bb39ecdf6216f2eb0490a1e8b0e6f9d051f56

    • SHA256

      f2f9488bf82e70695cc3a8e25e64681bcd057ccdf43aa5187a53f05f33f5c9fb

    • SHA512

      703e2bbb8819554de3f47eba85d1c3d42ebb6061a61bc5dc4314ad8ba579786b59996df1beaf0e358fb6f6987c1e238e9b2ea91030552558541a57c47cf3fe56

    • SSDEEP

      1536:YhIBLTM3Ufc0cMdQc78dgEmxwbbkwYFG+DpqKmY7:YhIBLTM3Ufc6dD7cywbbkFpgz

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15

Tasks