Resubmissions

28/02/2025, 06:14

250228-gzd34atqs9 10

28/02/2025, 05:39

250228-gchsrsstbs 10

General

  • Target

    RFQ_TSL104.20221024_pdf.7z

  • Size

    1.6MB

  • Sample

    250228-gzd34atqs9

  • MD5

    c088aeb60f951d5abbe4f75bb8e5a91d

  • SHA1

    ede8ce6ea71a16013772242f24480d4ff48ba049

  • SHA256

    11ca540693946b76c043030643c3a4545e9ab69c5e0f7a6c618dfb35c3d16f56

  • SHA512

    54b9a6e4b6ec2eb3011a21c29b2547d0314dcbe9419e6549836b7f989503d08d23df9857225258eb8e970bd1da4064fc1c8400943f6476f94a3628de8069d372

  • SSDEEP

    24576:MytLUa9Lhh5mAXQMDH0lN9btaVn5+alQOsrPs50CTp0TLUFzVfX:fLxzAMDgDbtaZ5LPq2p0H6v

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

192.3.3.160:4449

Mutex

dgyjjuennjymsan

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      #RFQ_TSL104.20221024_pdf.exe

    • Size

      2.1MB

    • MD5

      1c608d94dc3313d6700864ed023b2b8b

    • SHA1

      1f57a8ce4b75ac3c3145ddac3656ceb72d629cb5

    • SHA256

      536326d87665435a2590d3ca4470fb924fc30f2be008916c1fc7ee8d908a6b98

    • SHA512

      f9103af42a048a666790d37ae42585eff6a91942678ab07bb180d4f67b824dd0cc9b77de83a514e03d2cc9afbcb07405f18981517e1a062d77e98519b3598afe

    • SSDEEP

      49152:Eh91eGkV17RC4rlsHH14s6HIjPeqKJ/zBazj:RvVI4s6ojBKtBij

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      MidlrtMd.dll

    • Size

      2.4MB

    • MD5

      949495cd0c75cd0b2ff66262cc9fb851

    • SHA1

      0356cfc0690398d266a13b1dbb589d7f2b3c0cdc

    • SHA256

      9fa6cfc4fde26f3291b4ff0e7b58a59772f42492eede10723b76036a91370ac3

    • SHA512

      23ee55b1839600f34752db61fa955ca7e0b128208ac1851ccfa56d637ddfc316f3aec65457ac7bd4d202f611082c8b30b8182cfa9b5e8b08712e12f148d6eade

    • SSDEEP

      49152:7MRYulyg9Qg5k5Kq/51m6GoVZy7nCSbcym1EwAFslEJB:MW1Ac

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
