General

  • Target

    bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5N.exe

  • Size

    571KB

  • Sample

    241216-mc32lawmgv

  • MD5

    fa5c1bd700ac8b0b4035f607c6ee7ea0

  • SHA1

    beba6ca16333e1480d201150ef2f02fbd1e4b613

  • SHA256

    bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5

  • SHA512

    715def92ccc0f54a20428073fdaad05eeea1136e190fb16f9c53f9b0bf504b3eeeda4c6435c922239f40e80b989474ba80cc76f048ff553a360ec75fe81860ef

  • SSDEEP

    12288:Fw6EjbSan4SRRRtK9mFuj0FaUua1AVsqTTCJVMf:xEjbESRbtK94u4uYARXCJVi

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Night -job

C2

62.210.189.1:4449

163.172.121.118:4449

Mutex

system-verison-window protection

Attributes
  • delay

    0

  • install

    true

  • install_file

    system.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5N.exe

    • Size

      571KB

    • MD5

      fa5c1bd700ac8b0b4035f607c6ee7ea0

    • SHA1

      beba6ca16333e1480d201150ef2f02fbd1e4b613

    • SHA256

      bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5

    • SHA512

      715def92ccc0f54a20428073fdaad05eeea1136e190fb16f9c53f9b0bf504b3eeeda4c6435c922239f40e80b989474ba80cc76f048ff553a360ec75fe81860ef

    • SSDEEP

      12288:Fw6EjbSan4SRRRtK9mFuj0FaUua1AVsqTTCJVMf:xEjbESRbtK94u4uYARXCJVi

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks