General
- Target: 31012025_0145_PO690654W226614626001MLCWHKGH10051956.pdf.exe.iso
- Size: 1.3MB
- Sample: 250131-b6wc3azjar
- MD5: 3cd4aa0e567c3fa2d8b34c4f66f38843
- SHA1: 3dea6e256d46a946017f3c15806fd9187963343f
- SHA256: 8640c15126e8ec4503c9fa88ec3136baa36bfa37621e434674e117b83ee16ce1
- SHA512: 609e44b118b824b03c9949b9b534b46f234ddde006e7a4282dd899a4b26624ec3017770f2dda9fc06ab4967560a2faebdeed6f7bc5908d62d8a39801ce6eb354
- SSDEEP: 24576:gYsZPpPEug3h24WBVTzzXetV28sjMELZtGOm1Punn0yfChQB1thox+xkAu:gYsBpP53iL2QwDGu0ismthw+xQ
Static task: static1
Behavioral task: behavioral1
- Sample: PO690654W226614626001MLCWHKGH10051956.pdf.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: PO690654W226614626001MLCWHKGH10051956.pdf.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- asyncrat
- Venom RAT + HVNC + Stealer + Grabber v6.0.3
- JAN
- qnxsdyjsfdtxvg
- delay: 1
- install: false
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/Ax2bm8Nk
Targets
- Target: PO690654W226614626001MLCWHKGH10051956.pdf.exe
- Size: 1.2MB
- MD5: 22d2fb041fb5c4424f5b34e7826e1aaf
- SHA1: f4e4aed78f80fd50ff2a39633c78d705c1324257
- SHA256: ef9eed5753290ece2e0b521d46667fdafe0d29581f91e3d9160b17153e73ebcf
- SHA512: c5285d57239bcf1278677442d7273c5c14148d5e055ba5583a9fc4e9b190ffef7b56da05abcea3e04484a302b40c4a4eabfa64d73d44b3b3069d1d34c9f2534d
- SSDEEP: 24576:8YsZPpPEug3h24WBVTzzXetV28sjMELZtGOm1Punn0yfChQB1thox+xkAu:8YsBpP53iL2QwDGu0ismthw+xQ
- Score: 10/10
- Asyncrat family
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext