Overview

overview

10

Static

static

10

ONEFix.exe

windows7-x64

10

ONEFix.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ONEFix.rar

  • Size

    32KB

  • Sample

    250122-c7anestpfs

  • MD5

    88a947c116f1ef7647dbf9cf0472f59a

  • SHA1

    b0a156e4c249ec89e2cc4c9eab09e1905d35836a

  • SHA256

    223bba409b781e7f0416284708c649b0382a1b10fd012507975365d5780bdd72

  • SHA512

    37bfdfc40c735c068852056201f32ab8d80d946d632d697d1d72a78d5f2004923879233e8465d8bcfc190f7ec768105e67645d0db46712b48acc1e415a4fe3ec

  • SSDEEP

    768:cPbArXk2g9I3/4ZJckeB6+7/38c/6C6lj4LvqgEOyUXUdYq20Zck:6AInzLN+n/6Caj4DSOd8Y7k

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

ahzlvriurjqtgdq

Attributes
  • c2_url_file

    https://paste.ee/r/7pGL0uGm/0

  • delay

    1

  • install

    true

  • install_file

    System.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ONEFix.exe

    • Size

      74KB

    • MD5

      3d5b558e7eb12c7eb23168e533b0f6d1

    • SHA1

      05c137a41b20f6e0432ccdd40038ca70429fd08d

    • SHA256

      71aadc7ef8af60621a64754638fca1e567109e901957f30e4563a7110dde17e5

    • SHA512

      9f3f7a19f45abdc7d7f030b3374ca5747f714ed0ad77a889ed8979c67f9ec59732b5ebdb5949e726e5b79b93a8ae10284c43cdcf6144fb7ce94f6b4425a818bb

    • SSDEEP

      1536:KUXNwcxKHXwzCtmPMVtNBzObsMIiH1bv/Y+3k3OQzcuLVclN:KUXicxK8WmPMVtNBzObhH1bvgmQnBY

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks