General

  • Target

    Client.exe

  • Size

    73KB

  • Sample

    241224-feba2a1phx

  • MD5

    16df4c5cd796674b00ce1057951723de

  • SHA1

    b3e9b12be9137cbe47be8efc0cafe41ff5a1a8a9

  • SHA256

    831e0d88c9a9e96dc0ce0b979ca353ec40925673f3fcc51267d9d1a6cdc11a33

  • SHA512

    770a8ce19d10ab145ae1751c3f4fb7d6fe041fe451a30eee3856e6ddaff6bfa0bea79c1f023e56993ae7ba3d5718bcdd78b4acc22f6badf31ec75f081e65cc6f

  • SSDEEP

    1536:wULkcxVKpC6yPMVKe9VdQkhDIyH1bf/S6xb2SQzc33VclN:wUocxVENyPMVKe9VdQgH1bfKG2SQSlY

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

zabblfdkiqcnixcr

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/sG1KxVNw

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15