General

  • Target

    test denovo.exe

  • Size

    74KB

  • Sample

    241201-h3rzsssrdr

  • MD5

    4330642b1f3c75e376da876245138800

  • SHA1

    72228b675c946ecbdefa9fc0938d04861b8acd89

  • SHA256

    c12d0924a3ff38fad8d7aa4fa9abeafd2dec07b452bd0d5d10af5f5b07f244e7

  • SHA512

    c892485efc7326ea02dfbc9ce6058289058f485ebfbdf0ea0507036690beb7c51a3e8cd5f06fa8343d69f69abccdf30f9d3882dc0133c34a22debcb31374d74d

  • SSDEEP

    1536:5UNQcx6ZoCrGPMVU+/sIRH1bJ/SOlgNQzcyLVclN:5Uicx6qQGPMVU+/PH1bJbl8QjBY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:1177

127.0.0.1:21053

187.18.72.113:1177

187.18.72.113:21053

189.14.62.242:1177

189.14.62.242:21053

192.168.1.6:1177

192.168.1.6:21053

210.53.210.53:1177

210.53.210.53:21053

10.9.237.62:1177

10.9.237.62:21053

Mutex

aewfcdorqvoec

Attributes
  • delay

    1

  • install

    true

  • install_file

    start.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      test denovo.exe

    • Size

      74KB

    • MD5

      4330642b1f3c75e376da876245138800

    • SHA1

      72228b675c946ecbdefa9fc0938d04861b8acd89

    • SHA256

      c12d0924a3ff38fad8d7aa4fa9abeafd2dec07b452bd0d5d10af5f5b07f244e7

    • SHA512

      c892485efc7326ea02dfbc9ce6058289058f485ebfbdf0ea0507036690beb7c51a3e8cd5f06fa8343d69f69abccdf30f9d3882dc0133c34a22debcb31374d74d

    • SSDEEP

      1536:5UNQcx6ZoCrGPMVU+/sIRH1bJ/SOlgNQzcyLVclN:5Uicx6qQGPMVU+/PH1bJbl8QjBY

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks