General

  • Target

    JaffaCakes118_d6759962ca644dd8a950d33c55b7b799a731540eb73166e29257a0e4139be7f5

  • Size

    8.0MB

  • Sample

    241221-w24tvswjht

  • MD5

    8941ee85726c886a7a32ba0be8865212

  • SHA1

    8bbd7c93c7664e6b3d07c65007d2bd1f1a7806ba

  • SHA256

    d6759962ca644dd8a950d33c55b7b799a731540eb73166e29257a0e4139be7f5

  • SHA512

    aedd101bde18e34292d9ea5e41285f70372ee0d207f037d812a157a0d53753941da3640d2915f04afc76e3193e88c655a8939e4c3e79e090dc26070623ef286c

  • SSDEEP

    12288:0b9Xn7Mu3qI70cNLTv3rb9Xn7Mu3qI70cNLTv3z7s8IyZV:0JX7MA0cNH3rJX7MA0cNH32yX

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

NOV-7(VHD)

C2

saddlepoint.duckdns.org:25045

Mutex

q0qeiwx9cj

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      6002845UDOOPZE.exe

    • Size

      301.0MB

    • MD5

      a0101393af76c8defc685601bf00b050

    • SHA1

      06deea9b7e544d86599c27e77b02193ba8ea65d7

    • SHA256

      2b28db92f130ef4d71ccfbc40b2456e2f82ea645a9d493f681269fe08e277cb2

    • SHA512

      cd59e33c5238445e5947775d57867204e8917232bd3a19787d20e269cba8dd8396ecf43f693480d4326b3725bf785b5c17e15ca7e81a836cfd5acc056e77d19a

    • SSDEEP

      3072:Ixrfsl33+seYAlFpKb45eoUeGo2mT9Vua0Hi:67s8pKrlePZV

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks