General

  • Target

    JaffaCakes118_8bd8e4dff728c174981743c2591dc33925092bd728b0d853c808bfd1f18278c9

  • Size

    522KB

  • Sample

    241229-lk437aykhy

  • MD5

    2c51e282052f1b621dccae924acac323

  • SHA1

    0c85e5ea92b5d0f14e082441f4d5e67c7aaf1abf

  • SHA256

    8bd8e4dff728c174981743c2591dc33925092bd728b0d853c808bfd1f18278c9

  • SHA512

    901e38d561016ca9ddb89af7bd4da729e42b87b56b7024580fbfa6f34a26b3ad82290ef7f9a4b59eb4815819bf81e4f88e949ad915a7b9e12eef91efdc9e016a

  • SSDEEP

    6144:jYqI0zbVtOw7BcedtNv4ruicWwt/VrldEoF:jYqx1QQBcedtNsHwt/VrlKoF

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT 5.0.5

  • Botnet

    August-04

  • C2

    fejong.duckdns.org:25045

  • Mutex

    iordes45s

  • Attributes

    • delay

      1

    • install

      false

    • install_folder

      %AppData%

    • aes.plain

Targets

    • Target

      eVoucher.exe

    • Size

      300.0MB

    • MD5

      3bf947955196c0d542ab337354bba05f

    • SHA1

      9695affc705e866e7b1307ecfadd9db37acc3918

    • SHA256

      49cb3e0011f6d43b205c5336abf642d56ad93c7ebb250aa8cc907d08d06f382e

    • SHA512

      1dd243cc586dc516044b9e42452bba87a796a6c177bfef7cd4a1be12bd7282f3887bf220b2411f360c5ba82bd59276ccc3265b4aecc2173cd3f6a7d88194fe6f

    • SSDEEP

      6144:xpOo/IPZccVtOw7Msw0b+lNZxsEOFco5z:rOo/YZ1QQXz6lHP8

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers. VenomRAT, the version string extracted from this sample, is a fork of the AsyncRAT code base, which is why the extractor reports the family as asyncrat.

    • Asyncrat family

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
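The extracted configuration and the two SHA256 values above are the indicators a defender would actually hunt on. The script below is an added example (not part of the sandbox report and not the sample's own code) that turns them into simple checks and runs them over a handful of constructed Sysmon-style events; the event dictionaries, their field names and the `%AppData%` drop-path heuristic are assumptions made for the example.

```python
import re

# Indicators copied from the report: extracted config plus the two SHA256 hashes.
C2_HOST = "fejong.duckdns.org"
C2_PORT = 25045
MUTEX = "iordes45s"
SAMPLE_SHA256 = {
    "8bd8e4dff728c174981743c2591dc33925092bd728b0d853c808bfd1f18278c9",  # submitted container
    "49cb3e0011f6d43b205c5336abf642d56ad93c7ebb250aa8cc907d08d06f382e",  # eVoucher.exe
}
# install_folder is %AppData%, i.e. the user's Roaming profile on Windows.
# Assumed heuristic: any EXE started from there is worth a look ("Executes dropped EXE").
APPDATA_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.exe$", re.IGNORECASE)
DYNDNS_SUFFIX = ".duckdns.org"


def check_event(event):
    """Return the list of indicator matches for one event (empty if none).

    Event shape is an assumption for this example:
      {"type": "dns", "query": ...}
      {"type": "network", "dst_host": ..., "dst_port": ...}
      {"type": "process_create", "image": ..., "sha256": ...}
      {"type": "mutex", "name": ...}
    """
    hits = []
    kind = event.get("type")
    if kind == "dns":
        query = event.get("query", "").lower()
        if query == C2_HOST:
            hits.append("dns: exact C2 host")
        elif query.endswith(DYNDNS_SUFFIX):
            # Dynamic DNS is common for RAT C2 but also has legitimate users.
            hits.append("dns: dynamic-DNS domain (low confidence)")
    elif kind == "network":
        if event.get("dst_host", "").lower() == C2_HOST:
            hits.append("net: connection to C2 host")
        if event.get("dst_port") == C2_PORT:
            hits.append(f"net: connection to C2 port {C2_PORT}")
    elif kind == "process_create":
        if event.get("sha256", "").lower() in SAMPLE_SHA256:
            hits.append("proc: known sample hash")
        if APPDATA_EXE.search(event.get("image", "")):
            hits.append("proc: executable launched from %AppData% (dropped EXE)")
    elif kind == "mutex" and event.get("name") == MUTEX:
        hits.append("mutex: AsyncRAT config mutex")
    return hits


def scan(events):
    """Run check_event over a sequence of events; return (index, hits) for matches."""
    return [(i, hits) for i, ev in enumerate(events) if (hits := check_event(ev))]


# Constructed events for the example: a mix of sample activity and benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\victim\Downloads\eVoucher.exe",
     "sha256": "49cb3e0011f6d43b205c5336abf642d56ad93c7ebb250aa8cc907d08d06f382e"},
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "dns", "query": "fejong.duckdns.org"},
    {"type": "network", "dst_host": "fejong.duckdns.org", "dst_port": 25045},
    {"type": "mutex", "name": "iordes45s"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "sha256": "00" * 32},
    {"type": "network", "dst_host": "10.0.0.5", "dst_port": 443},
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, hits)
```

Two caveats when moving this to real telemetry: mutex creation is not a Sysmon event, so the `mutex` check needs an EDR or ETW source, and a match on port 25045 alone (without the host) is noisy and should only raise severity when combined with another hit.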

MITRE ATT&CK Enterprise v15

Tasks