General

  • Target

    IYBF9_Client.exe

  • Size

    74KB

  • Sample

    241216-sqjg1atley

  • MD5

    4e621ed074da8d121a8f419c00cb4c3a

  • SHA1

    723df7256adbaddecf269abfd255d28b5b860f1e

  • SHA256

    dca4f9884f0b0f5a1c534b3b2d867714b6ea7eac807bacf9e487e9a8d7e34355

  • SHA512

    77ebc87c1582d1f83195d2dd0f76432f895acac7b07cb1bca6599d7c42d83a544abcf719d9d80fc6e51cda05c6d9e3af06daed17a8fe970425030ab5fd0aaa1f

  • SSDEEP

    1536:SUaAcx2l/Cx2PMVie9VdQuDI6H1bf/k0WQzcuLVclN:SUDcx2Bq2PMVie9VdQsH1bfcjQnBY

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

5.20.104.111:4449

Mutex

kekagthwfcue

Attributes
  • delay

    1

  • install

    true

  • install_file

    defender.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      IYBF9_Client.exe

    • Size

      74KB

    • MD5

      4e621ed074da8d121a8f419c00cb4c3a

    • SHA1

      723df7256adbaddecf269abfd255d28b5b860f1e

    • SHA256

      dca4f9884f0b0f5a1c534b3b2d867714b6ea7eac807bacf9e487e9a8d7e34355

    • SHA512

      77ebc87c1582d1f83195d2dd0f76432f895acac7b07cb1bca6599d7c42d83a544abcf719d9d80fc6e51cda05c6d9e3af06daed17a8fe970425030ab5fd0aaa1f

    • SSDEEP

      1536:SUaAcx2l/Cx2PMVie9VdQuDI6H1bf/k0WQzcuLVclN:SUDcx2Bq2PMVie9VdQsH1bfcjQnBY

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks