General

  • Target

    JaffaCakes118_8c1a00e02263f2e8fdc7e04a3037bbad020006319d569162452aa9d616fa4ee7

  • Size

    483KB

  • Sample

    241223-rsg7aaskav

  • MD5

    f84b8f1c47e85dca0ba0725d17571ccd

  • SHA1

    31788815627f67b3150e133a409b6e8cb8ee0d40

  • SHA256

    8c1a00e02263f2e8fdc7e04a3037bbad020006319d569162452aa9d616fa4ee7

  • SHA512

    327d6f6529e970b3a601b29d9613443594364c1ab360c6f1ca2086cb8206ca0e6ec9cd6782420a024bb82eea1d18c36c46c689ff2eadb757ae5a63b572dce98d

  • SSDEEP

    3072:7QBgL8npOntBnNOTUMBF6kI1hCRFukPxHOhTUV7V:7QBg7t7OQkF6dw3KTy7V

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

Venom Clients

C2

resulttoday2.duckdns.org:6111

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      URFT06GSBAWRP_001_PDF.exe

    • Size

      300.0MB

    • MD5

      464753cd8a6523de0fba921ce6846177

    • SHA1

      6b3b77af1129f9ad86acc31163d8450eacb4dbd3

    • SHA256

      3221a50204afcf59f4a836680d1e484903ac3aa389c2105d059efc51b8461092

    • SHA512

      589d0919ddf11d1e8e8eff15a0f78623742e5ab6b16e2b754f519f3bfc7912ccd6c43ad5ffe5c0e11c315f9835936b6b2039dc579527d50cb25333844b0876f2

    • SSDEEP

      3072:1iJZ3k2p8jrvVIYkwur2JMBZ6kINhCRFuaABOUEs64BRg40nOFblHTgr4:1OyRr9u1KJkZ6dIYBUeBRgOlWU

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks