General

  • Target

    20022025_1553_9491700097082_20250101_20250211_40489.vbs

  • Size

    59KB

  • Sample

    250220-tffh2azmz7

  • MD5

    ed21073856c03d1b0c3690cdc3acae54

  • SHA1

    7080a7970f39ebc0928fd1563a39894c1b0b9daa

  • SHA256

    8d8048f2936aa8f30891ba0bb4d6710aa4a13c4795122154d2fc5dad85c366d5

  • SHA512

    c4948f3039ce07ba5e88eef975c3a3718f13acd2fa49472e0f99aebb2154babc26001391b715043b1670a0eb82a1ebfcee3d0b4ac515e8e1e7000bc51814cec5

  • SSDEEP

    768:cMqKvuBXF44i4wbTHDudi0NCefDOZaBZamnDyKp09WB5zMwIZ8ltcYTw2j7ZguRM:wFuqdfDOkbH7FIZySYtj1guT7pvjI

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 19

Mutex

cgkwgawwtvsvxsymd

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/Ax2bm8Nk

  • aes.plain

Targets

    • Target

      20022025_1553_9491700097082_20250101_20250211_40489.vbs

    • Size

      59KB

    • MD5

      ed21073856c03d1b0c3690cdc3acae54

    • SHA1

      7080a7970f39ebc0928fd1563a39894c1b0b9daa

    • SHA256

      8d8048f2936aa8f30891ba0bb4d6710aa4a13c4795122154d2fc5dad85c366d5

    • SHA512

      c4948f3039ce07ba5e88eef975c3a3718f13acd2fa49472e0f99aebb2154babc26001391b715043b1670a0eb82a1ebfcee3d0b4ac515e8e1e7000bc51814cec5

    • SSDEEP

      768:cMqKvuBXF44i4wbTHDudi0NCefDOZaBZamnDyKp09WB5zMwIZ8ltcYTw2j7ZguRM:wFuqdfDOkbH7FIZySYtj1guT7pvjI

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2
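The signatures above describe a behaviour chain that is easy to hunt for in process, registry, network and file telemetry: a Windows Script Host process launching a hidden PowerShell, a script host reading the configured country code, a fetch of the pastebin_config URL, and a write into a Startup folder. The following is an added example (not part of the sandbox report, nor code from the AsyncRAT/VenomRAT family or any EDR product) that encodes those four signatures as Python rules and runs them over a constructed set of events. The Event schema is a simplified one assumed for this example, not Sysmon's; the registry path HKCU\Control Panel\International\Geo\Nation is an assumption, since the report only says "country code configured in the registry"; SAMPLE_EVENTS is constructed sample data, with user names, paths and the dropped file name as placeholders (only the VBS file name and the pastebin URL come from the report).

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Event:
    """One telemetry record in a simplified, constructed schema (an assumption
    of this example, not a real Sysmon or EDR format)."""
    kind: str            # "process", "registry", "network" or "file"
    image: str           # full path of the acting process
    parent: str = ""     # parent image, process events only
    cmdline: str = ""    # command line, process events only
    target: str = ""     # registry path, URL or written file path


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# PowerShell accepts any unambiguous prefix of -WindowStyle (-w, -win, ...),
# so match "-w<letters> hidden" rather than only the full switch name.
HIDDEN_WINDOW_RE = re.compile(r"(?:^|\s)-w[indowstyle]*\s+hidden\b", re.I)
# Location of the configured country code assumed for this example.
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\b", re.I)
STARTUP_RE = re.compile(r"\\microsoft\\windows\\start menu\\programs\\startup\\", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hidden_powershell_from_script_host(ev: Event) -> bool:
    """'Command and Scripting Interpreter: PowerShell' with a hidden window,
    narrowed to the VBS-dropper case: the parent is wscript or cscript."""
    return (ev.kind == "process"
            and basename(ev.image) in POWERSHELL
            and basename(ev.parent) in {"wscript.exe", "cscript.exe"}
            and HIDDEN_WINDOW_RE.search(ev.cmdline) is not None)


def geofence_registry_lookup(ev: Event) -> bool:
    """'Checks computer location settings': a script host reading the country code."""
    return (ev.kind == "registry"
            and basename(ev.image) in SCRIPT_HOSTS
            and GEO_KEY_RE.search(ev.target) is not None)


def pastebin_raw_fetch(ev: Event) -> bool:
    """'Legitimate hosting services abused for C2': the pastebin_config URL shape."""
    if ev.kind != "network" or basename(ev.image) not in SCRIPT_HOSTS:
        return False
    u = urlparse(ev.target)
    return u.hostname == "pastebin.com" and u.path.startswith("/raw/")


def startup_folder_drop(ev: Event) -> bool:
    """'Drops startup file': a script host writing under a Startup folder."""
    return (ev.kind == "file"
            and basename(ev.image) in SCRIPT_HOSTS
            and STARTUP_RE.search(ev.target) is not None)


RULES = {
    "hidden_powershell_from_script_host": hidden_powershell_from_script_host,
    "geofence_registry_lookup": geofence_registry_lookup,
    "pastebin_raw_fetch": pastebin_raw_fetch,
    "startup_folder_drop": startup_folder_drop,
}


def hunt(events):
    """Return [(rule_name, event_index), ...] for every rule that fires."""
    return [(name, i) for i, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


def score(events):
    """Number of distinct rules fired; all four together is the chain in this report."""
    return len({name for name, _ in hunt(events)})


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample telemetry (not from the sandbox run).
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\wscript.exe", r"C:\Windows\explorer.exe",
          r'wscript.exe "C:\Users\u\Downloads\20022025_1553_9491700097082_20250101_20250211_40489.vbs"'),
    Event("process", PS, r"C:\Windows\System32\wscript.exe",
          'powershell.exe -NoP -w hidden -ep bypass -c "Start-Sleep -Seconds 1"'),
    Event("registry", PS, target=r"HKCU\Control Panel\International\Geo\Nation"),
    Event("network", PS, target="https://pastebin.com/raw/Ax2bm8Nk"),
    Event("file", PS,
          target=r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"),
    # Benign noise: an interactive PowerShell session, and the region control
    # panel applet reading the same key. Neither should fire a rule.
    Event("process", PS, r"C:\Windows\explorer.exe", "powershell.exe -NoLogo"),
    Event("registry", r"C:\Windows\System32\rundll32.exe",
          target=r"HKCU\Control Panel\International\Geo\Nation"),
]

if __name__ == "__main__":
    for name, idx in hunt(SAMPLE_EVENTS):
        print(f"{name:36s} -> event {idx}: {SAMPLE_EVENTS[idx].target or SAMPLE_EVENTS[idx].cmdline}")
    print("distinct rules fired:", score(SAMPLE_EVENTS))
```

Each rule alone is noisy on a real fleet (administrators run PowerShell with hidden windows, and plenty of software reads the Geo key), which is why the script-host parent and the pastebin.com/raw host are required, and why score() counts distinct rules rather than individual hits: the dropper in this report triggers all four within one process tree.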

MITRE ATT&CK Enterprise v15

Tasks