General

  • Target

    JaffaCakes118_5e1927efa5893ea03dedbcbfd93bd55e502e842ab8f0f868377838b9ae200ee5

  • Size

    1.2MB

  • Sample

    241224-l6jpdavmak

  • MD5

    a7403056211362016991f0be3978717d

  • SHA1

    d9bf42c6d89905cd9e0b295ea366d557fae24f50

  • SHA256

    5e1927efa5893ea03dedbcbfd93bd55e502e842ab8f0f868377838b9ae200ee5

  • SHA512

    b5f217078dd9ccde52cc73aff69d206e3ab7b5b4bf1571824d66d7a4d8cd178e6c81484de453cb9436dd83e018a07fe8f4851eb346b8fadff586b6d7da9667bc

  • SSDEEP

    1536:VC0IkZJp0BF0TUvg2wGzZQc6+cKKqymrpROIX3PdeNVJ:Q1I0z0ov5tQ3bNqymWIHlWJ

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

Venom Clients

C2

g896696.duckdns.org:7343

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      QWEDFGHNM01LKJNB70.exe

    • Size

      300.0MB

    • MD5

      dc03290442587a0f396214227b2a95c3

    • SHA1

      6c25ed2e5f38277405b11c162c6e347dd13f80b1

    • SHA256

      3a0c56f5de394f437e20cd22718e1feb0a3d66aeb13fb60f4b5a61e04bfea2f6

    • SHA512

      e5a62ef9d41b66e5f7e5ffd6861bcdbb7d34ee81ec40aa6c6801441e1e0460f3e262ecd270d7641aa332fa468e385da36c9ffeb54eab2cc7372a1bb9be5259eb

    • SSDEEP

      3072:NtX+qpAgYWQAZWy6tQ3bNwymWIi7sGe8IsPsBAAAAAAAAAAAAAAAAAASY:OqpTQAZz6+Nwe8Ge8XC

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks