General

  • Target

    2ef8fa02af0aa5c87517f7a02474bec551ea33f1a89c54778b384f2577b9796f.7z

  • Size

    84.2MB

  • Sample

    241213-tnh9wstmht

  • MD5

    0802ea6261c731da0eeae72a88193d4b

  • SHA1

    d88588d48b1c59e6c377a46f527e5471dadd6a3a

  • SHA256

    8ec30b45640b39c1952a43cc7c52cb58d3f69029f9dcae38358a785230587f23

  • SHA512

    6dc78cfe5b155f3c773b516355b8d8ef432ac6454e10ca32468db08d287d5dbf6657040459d79f51e5a002bcd75cbb5ae18647a51e626efbb2223fe347ea3d1b

  • SSDEEP

    1572864:2QegguUhBPHaq8nxYQj9eZEIHzN8YVypYmocCUL:MbPHapTe2GzN8YE6moct

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

103.187.5.183:4449

Mutex

ybhlsestsknld

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2ef8fa02af0aa5c87517f7a02474bec551ea33f1a89c54778b384f2577b9796f

    • Size

      130.7MB

    • MD5

      081b1195146ce49f03e1ed9b24d39a90

    • SHA1

      ee5f49b3a78757f2059bc43fab7efb4449a6b76f

    • SHA256

      2ef8fa02af0aa5c87517f7a02474bec551ea33f1a89c54778b384f2577b9796f

    • SHA512

      5945fbc614dbf5a7899483289e49dc1e292bfcdd235d8487add4a5b93f5227e952f24fa7dcf716d338a391355375a79584af1749d1dd296e6859e2a2152b87c8

    • SSDEEP

      393216:C76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfQnVQx4urYsANulL7No:C0LoCOn+2Qs4urYDNulLBiu8

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks