General

  • Target

    noantivm.exe

  • Size

    133KB

  • Sample

    241227-pm3vpavncx

  • MD5

    7a1c81423490d165b48799936a80b63b

  • SHA1

    e7240326f9c751326090f9f05d6ef068c93eb34f

  • SHA256

    2c67ce29cd8e26ea30b8828efb2d2ae2d135f1141ad80d333807bff1ea970901

  • SHA512

    f2e37d3a89476904a53f2930a27fb818088b3675fac47003eb44bba004477770251dcaff56973d881fce412ef725e0dcaa798f5027f1fe647e902147cb7a3e60

  • SSDEEP

    1536:ahUzAcxjVLcoCJPPMVEMawke4I8H1boNlLJ1eQzcK9VclN:KUUcxjVLLCPPMVxawkH1bo7LJgQrPY

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

jiqbzsjfarhpqni

Attributes
  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      noantivm.exe

    • Size

      133KB

    • MD5

      7a1c81423490d165b48799936a80b63b

    • SHA1

      e7240326f9c751326090f9f05d6ef068c93eb34f

    • SHA256

      2c67ce29cd8e26ea30b8828efb2d2ae2d135f1141ad80d333807bff1ea970901

    • SHA512

      f2e37d3a89476904a53f2930a27fb818088b3675fac47003eb44bba004477770251dcaff56973d881fce412ef725e0dcaa798f5027f1fe647e902147cb7a3e60

    • SSDEEP

      1536:ahUzAcxjVLcoCJPPMVEMawke4I8H1boNlLJ1eQzcK9VclN:KUUcxjVLLCPPMVxawkH1bo7LJgQrPY

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks