General

  • Target

    19c703ee06789d62f61493e5f3b9b7e84f35c07db55defe38c90a7261d6e8c4f

  • Size

    223KB

  • Sample

    241217-y2axwsxqdk

  • MD5

    15f3aee41617dba7d1f66e5d42c048bc

  • SHA1

    63ec1da10f925c886ea4c16a02179b23e8aefc8e

  • SHA256

    19c703ee06789d62f61493e5f3b9b7e84f35c07db55defe38c90a7261d6e8c4f

  • SHA512

    f7ce116f29b89a0d64d45cbb96838400228646de464528532cd29dcf801e528774da7c5675aee18f295b39e494373267dfccc28ee7195e3e9a4efb2b041a3baa

  • SSDEEP

    1536:2+iPkKjSFHBWAxEjc+aP1B4/Xg1gVHbUoKPJCvWhkFM5zym09dpvCLt+UTmk86+X:7i8bEAmjc+C1B4//AozGd0Yf5+uCdeGF

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

51.161.12.215:4449

Mutex

olzlzaglbcqbb

Attributes
  • delay

    9

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      19c703ee06789d62f61493e5f3b9b7e84f35c07db55defe38c90a7261d6e8c4f

    • Size

      223KB

    • MD5

      15f3aee41617dba7d1f66e5d42c048bc

    • SHA1

      63ec1da10f925c886ea4c16a02179b23e8aefc8e

    • SHA256

      19c703ee06789d62f61493e5f3b9b7e84f35c07db55defe38c90a7261d6e8c4f

    • SHA512

      f7ce116f29b89a0d64d45cbb96838400228646de464528532cd29dcf801e528774da7c5675aee18f295b39e494373267dfccc28ee7195e3e9a4efb2b041a3baa

    • SSDEEP

      1536:2+iPkKjSFHBWAxEjc+aP1B4/Xg1gVHbUoKPJCvWhkFM5zym09dpvCLt+UTmk86+X:7i8bEAmjc+C1B4//AozGd0Yf5+uCdeGF

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks