Overview

overview

10

Static

static

3

51c0cfc753...0a.exe

windows7-x64

10

51c0cfc753...0a.exe

windows10-2004-x64

10

Resubmissions

13-01-2025 00:07

250113-aegj6awkdt 10

12-01-2025 09:31

250112-lg7d5syqdk 10

12-01-2025 06:04

250112-gs1zaazlax 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51c0cfc7539dc3bb883969d384a7389373a144f65ce6d1b5ec39bff2f616510a.exe

  • Size

    1.3MB

  • Sample

    250112-gs1zaazlax

  • MD5

    4c71ccf76dccb2c58a85f67cf2fc6206

  • SHA1

    42436168ecfa82313617b91cebf489a11e28f29a

  • SHA256

    51c0cfc7539dc3bb883969d384a7389373a144f65ce6d1b5ec39bff2f616510a

  • SHA512

    24be3ac224544c2a38466604fb285155b1fddc811ee304ac5bfa46abadb925eba44d156c84f94a95b7e95cf28491405f748278ba287b531e24241a07a1cdc752

  • SSDEEP

    24576:VMjhqBd3X3R+wTqM6FWEn72mHvKgcLJj3gSPWbLK3AtIT2Awyfc7MEYb6:MEBdH3dt6gmHdclj3IK3zT27yEbYe

Score
10/10
asyncratvenomratdefaultdiscoveryexecutionrat

Malware Config

Extracted

Family

asyncrat

Version

v1.2.2

Botnet

Default

C2

192.238.134.73:56003

192.238.134.73:56004

192.238.134.73:56005
Mutex

vjggiafzsllukefmlx

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      51c0cfc7539dc3bb883969d384a7389373a144f65ce6d1b5ec39bff2f616510a.exe

    • Size

      1.3MB

    • MD5

      4c71ccf76dccb2c58a85f67cf2fc6206

    • SHA1

      42436168ecfa82313617b91cebf489a11e28f29a

    • SHA256

      51c0cfc7539dc3bb883969d384a7389373a144f65ce6d1b5ec39bff2f616510a

    • SHA512

      24be3ac224544c2a38466604fb285155b1fddc811ee304ac5bfa46abadb925eba44d156c84f94a95b7e95cf28491405f748278ba287b531e24241a07a1cdc752

    • SSDEEP

      24576:VMjhqBd3X3R+wTqM6FWEn72mHvKgcLJj3gSPWbLK3AtIT2Awyfc7MEYb6:MEBdH3dt6gmHdclj3IK3zT27yEbYe

    Score
    10/10
    asyncratvenomratdefaultdiscoveryexecutionrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • VenomRAT

      Detects VenomRAT.

      rat

    • Venomrat family

      venomrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks