General
Target: http://www.mediafire.com/file/ao60hn9f3n32htu/MecurialGrabber.rar/file
Sample: 250130-aajhystjft
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://www.mediafire.com/file/ao60hn9f3n32htu/MecurialGrabber.rar/file
  Resource: win10v2004-20250129-en
  21 signatures
  150 seconds
Malware Config
Extracted
  Family: asyncrat
  Version: Venom Pwn3rzs' Edtition v6.0.1 (version string as extracted from the sample, spelling included)
  Botnet: Default
  C2: 101.99.91.31:3982
  Mutex: ygjnwrxtrp
  Attributes:
    - delay: 1
    - install: false
  aes.plain
Targets
Target: http://www.mediafire.com/file/ao60hn9f3n32htu/MecurialGrabber.rar/file
Signatures:
- Asyncrat family
- Enumerates VirtualBox registry keys (anti-VM / sandbox evasion)
- Looks for VirtualBox Guest Additions in registry (anti-VM / sandbox evasion)
- Looks for VMWare services registry key (anti-VM / sandbox evasion)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence)
- Suspicious use of SetThreadContext (commonly seen in process injection / hollowing)
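The signatures above describe concrete runtime behaviours (anti-VM registry probes, a Run-key write, SetThreadContext, the C2 connection and mutex from the extracted config). The following is an added example, not part of the Triage report or of its signature engine: it replays those behaviours over a small constructed event log and flags each one, so the mapping from raw sandbox events to the report's signature names is explicit. The registry paths are well-known VirtualBox, VMware Tools and Windows Run-key locations chosen for illustration; the C2 address and mutex are the values this report extracted; the event log format and contents are constructed for the example.

```python
"""
Added example (not part of the Triage report): replay the behaviours the
report's signatures describe over a constructed event log and flag them.

Registry paths are well-known VirtualBox / VMware / Windows Run-key
locations (an assumption about what the real signatures check); the C2
and mutex values are the ones the report extracted. The event log is
constructed for this example.
"""
import re
from dataclasses import dataclass

# --- indicators taken from the report's "Malware Config" section ---
C2_HOST, C2_PORT = "101.99.91.31", 3982
MUTEX = "ygjnwrxtrp"

# --- registry locations behind the report's signatures (assumed, well-known paths) ---
VBOX_KEYS = (
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
)
VMWARE_SERVICE_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\VMTools"
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)

# Constructed sandbox events in a simplified "kind|pid|detail" form.
SAMPLE_EVENTS = """\
regopen|4120|HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions
regopen|4120|HKLM\\SYSTEM\\CurrentControlSet\\Services\\VMTools
mutex|4120|ygjnwrxtrp
regset|4120|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater=C:\\Users\\u\\AppData\\Roaming\\svc.exe
api|4120|SetThreadContext(hThread=0x1a4)
connect|4120|101.99.91.31:3982
regopen|4120|HKCU\\Software\\Classes\\.txt
"""


@dataclass
class Event:
    kind: str
    pid: int
    detail: str


def parse_events(text):
    """Parse the constructed 'kind|pid|detail' lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, pid, detail = line.split("|", 2)
        events.append(Event(kind, int(pid), detail))
    return events


def classify(events):
    """Return, sorted, the signature names (phrased as in the report) that fire."""
    hits = set()
    for ev in events:
        d = ev.detail
        if ev.kind == "regopen":
            if any(d.lower().startswith(k.lower()) for k in VBOX_KEYS):
                hits.add("Enumerates VirtualBox registry keys")
            if d.lower() == VBOX_KEYS[0].lower():
                hits.add("Looks for VirtualBox Guest Additions in registry")
            if d.lower() == VMWARE_SERVICE_KEY.lower():
                hits.add("Looks for VMWare services registry key")
        elif ev.kind == "regset" and RUN_KEY_RE.match(d):
            hits.add("Adds Run key to start application")
        elif ev.kind == "api" and d.startswith("SetThreadContext("):
            hits.add("Suspicious use of SetThreadContext")
        elif ev.kind == "mutex" and d == MUTEX:
            hits.add("Asyncrat mutex match")
        elif ev.kind == "connect" and d == f"{C2_HOST}:{C2_PORT}":
            hits.add("Asyncrat C2 contact")
    return sorted(hits)


if __name__ == "__main__":
    for hit in classify(parse_events(SAMPLE_EVENTS)):
        print(hit)
```

Run against the constructed log, seven behaviours fire and the unrelated HKCU\Software\Classes lookup is ignored; the mutex and C2 checks are the cheapest way to turn an extracted config like the one above into host and network IOCs for hunting.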
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (T1547)
    Registry Run Keys / Startup Folder (T1547.001): 1 signature