Overview

overview

10

Static

static

5

2f7103e6c4...bN.exe

windows7-x64

10

2f7103e6c4...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f7103e6c45fd0f91657b9104ec213662ab46322eb5d8790144568b45d901f1bN.exe

  • Size

    1.2MB

  • Sample

    241217-fne1ks1pbs

  • MD5

    ba37fbfa3aeaeb232642fb5752862330

  • SHA1

    40f6e7246792025c8954d9a45c43a04e7c3b2fd5

  • SHA256

    2f7103e6c45fd0f91657b9104ec213662ab46322eb5d8790144568b45d901f1b

  • SHA512

    8f8f0e396218a538e03ed430cffaaf8cb4951f979ccef35961123eddfef282e018bc02c50bccede92b1ee3a9e14615ba1af495d600a471452de03ee70674046a

  • SSDEEP

    24576:srORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaFjUSbRUu5+Jitsa+AxSp:s2EYTb8atv1orq+pEiSDTj1VyvBaFRbY

Score
10/10
asyncratquasarvenomratcpudefaultdiscoveryexecutionratspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

CPU

C2

ejss.duckdns.org:2020

Mutex

QSR_MUTEX_sgY7Anj7tlDvpiNxYU

Attributes
  • encryption_key

    H7ySIe3YXqpHozYioZRn

  • install_name

    BlustacksHelp.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    BlustacksHelp

  • subdirectory

    BlustacksHelp

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

104.244.72.108:9999

Mutex

ncfsoe5550321hojhanhrzxqoijhkjhgjkhgf

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2f7103e6c45fd0f91657b9104ec213662ab46322eb5d8790144568b45d901f1bN.exe

    • Size

      1.2MB

    • MD5

      ba37fbfa3aeaeb232642fb5752862330

    • SHA1

      40f6e7246792025c8954d9a45c43a04e7c3b2fd5

    • SHA256

      2f7103e6c45fd0f91657b9104ec213662ab46322eb5d8790144568b45d901f1b

    • SHA512

      8f8f0e396218a538e03ed430cffaaf8cb4951f979ccef35961123eddfef282e018bc02c50bccede92b1ee3a9e14615ba1af495d600a471452de03ee70674046a

    • SSDEEP

      24576:srORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaFjUSbRUu5+Jitsa+AxSp:s2EYTb8atv1orq+pEiSDTj1VyvBaFRbY

    Score
    10/10
    asyncratquasarvenomratcpudefaultdiscoveryexecutionratspywaretrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • VenomRAT

      Detects VenomRAT.

      rat

    • Venomrat family

      venomrat

    • Async RAT payload

      rat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks