General

  • Target

    13d33a7b26b28c2fcd4508b5207df238.bin

  • Size

    2.5MB

  • Sample

    241202-rsar7sxmfy

  • MD5

    026a0020bab895cb77562525015b053e

  • SHA1

    bb54a59de88f60546777e1624b302deb1faa9c17

  • SHA256

    f25afb46232489a4405f9b0a821c74adf48a6e18a1669449f537446104b16ff1

  • SHA512

    adaa8239fcae940da88b70f1be6b3df522f5c8685de0ebc198d979c12168195b41222cb0086d49f031714f8b3d4133340f483f4111592b1182b78c89c6c8f339

  • SSDEEP

    49152:G33sSohQGYN6tbRf0/hRpVKw1C9IPiF9ZFkpDX+UVNJrMdJBJtUdj6l:G33sVWGYN6tbK/Zf2IPG2RuYzrMF8E

Malware Config

Targets

    • Target

      e407bd010e2e640169a2812066864cd837b10506f01316dc2cada9ba64d99428.exe

    • Size

      2.6MB

    • MD5

      13d33a7b26b28c2fcd4508b5207df238

    • SHA1

      191d203c8d3bb987e900e48327f7a6c263886835

    • SHA256

      e407bd010e2e640169a2812066864cd837b10506f01316dc2cada9ba64d99428

    • SHA512

      0a20d3167d09c9b461034e01906ef985f513a4f2d103dc30f687e2561acd567dc662747e56c8abe051a4cd70264909257e9992ccc9d04cc1d5e45b46768f25e9

    • SSDEEP

      49152:UcAlPK3HHE8IGnvZ35VMvIL9LwoqxNzO1Gfj+/CEPckJkr3EKz7kSTJWK9:9UUHjzxsvILCoBGLw0RLz7tAK9

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks