General

  • Target

    Loader.exe

  • Size

    2.1MB

  • Sample

    241217-xyb54swnbj

  • MD5

    084519881ac16c16cf9206f97a68f79e

  • SHA1

    7b0fbc312ec9176a69ccb3036636e2423320cd79

  • SHA256

    89057bbeb5618835524cf8fc3a645fc5137553638520e763901fa1f2f8cdbe66

  • SHA512

    84b2867560cdbd3ca797196b208495631e49a87a2ea7451d6d68b52ea1ada0546c81d9b2e37b630440565cd53661c6541eb91c8bd662bb10780f87a7c7db5633

  • SSDEEP

    49152:4ZZosvRgdkadC7i03aQAZutzArxizJZTrEbupmpVwMgc:4ZZostak7RGuqGJZXdpmIn

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:53757

Mutex

hsaurcrgqwhjimnkbht

Attributes
  • delay

    1

  • install

    true

  • install_file

    Load.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Loader.exe

    • Size

      2.1MB

    • MD5

      084519881ac16c16cf9206f97a68f79e

    • SHA1

      7b0fbc312ec9176a69ccb3036636e2423320cd79

    • SHA256

      89057bbeb5618835524cf8fc3a645fc5137553638520e763901fa1f2f8cdbe66

    • SHA512

      84b2867560cdbd3ca797196b208495631e49a87a2ea7451d6d68b52ea1ada0546c81d9b2e37b630440565cd53661c6541eb91c8bd662bb10780f87a7c7db5633

    • SSDEEP

      49152:4ZZosvRgdkadC7i03aQAZutzArxizJZTrEbupmpVwMgc:4ZZostak7RGuqGJZXdpmIn

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks