General

  • Target

    8d52e84237855b5866aa9b5b5daef09c190cbecb33496f7a9e6f3c04a95a347c

  • Size

    2.7MB

  • Sample

    241206-15hg9azqdx

  • MD5

    afc02c49b1e05afe28d9608fca9d9f9f

  • SHA1

    c823a9d175fa7a5c5d78a46c47e932045a61eb4a

  • SHA256

    8d52e84237855b5866aa9b5b5daef09c190cbecb33496f7a9e6f3c04a95a347c

  • SHA512

    c4d0dd4139743982c9e0625fcb229716492be5adbbe7afb441dc75c3396618ac31b2cc356298e91d947451104b5482fd2306dc68c6f140822719298ad89158ee

  • SSDEEP

    24576:1CwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHO:1CwsbCANnKXferL7Vwe/Gg0P+WhDxs

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

150.158.169.143:4449

Mutex

yjsgmyewwmp

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      8d52e84237855b5866aa9b5b5daef09c190cbecb33496f7a9e6f3c04a95a347c

    • Size

      2.7MB

    • MD5

      afc02c49b1e05afe28d9608fca9d9f9f

    • SHA1

      c823a9d175fa7a5c5d78a46c47e932045a61eb4a

    • SHA256

      8d52e84237855b5866aa9b5b5daef09c190cbecb33496f7a9e6f3c04a95a347c

    • SHA512

      c4d0dd4139743982c9e0625fcb229716492be5adbbe7afb441dc75c3396618ac31b2cc356298e91d947451104b5482fd2306dc68c6f140822719298ad89158ee

    • SSDEEP

      24576:1CwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHO:1CwsbCANnKXferL7Vwe/Gg0P+WhDxs

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Async RAT payload

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks