Thursday, October 10, 2024

Researchers identified distribution of VenomRAT (AsyncRAT) Impersonating Korean IT Companies

Source Name: Blog Post
Source Reliability: A-Reliable
Information Reliability: 1-Confirmed

Summary:
Researchers have found a shortcut file (.lnk) that downloads VenomRAT (AsyncRAT). To pass as a legitimate Word file, the LNK file was distributed under the name ‘Survey.docx.lnk’ inside a compressed file that also contained a legitimate text file. Above all, users need to remain vigilant, as the executable file (blues.exe) used in the attack is disguised as a Korean company’s certificate.

Motivation: Unknown
Source Category: Technical Intelligence
Relevance Rating: Low
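The delivery described in the summary (a shortcut named like a document, packed in an archive next to a harmless text file) can be checked for at a mail or download gateway. The following is an added example, not code from the source report: it scans a ZIP archive for members with a document-style double extension ending in `.lnk`, and also for Shell Link content hidden under another extension. The function names, the decoy extension list, the ZIP container and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian GUID layout.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
# Assumed list of extensions a lure might imitate; tune for your environment.
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "hwp", "txt"}


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a Shell Link header."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def scan_archive(blob: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every suspicious archive member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1].lower()
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            parts = name.rsplit(".", 2)
            if len(parts) == 3 and parts[2] == "lnk" and parts[1] in DECOY_EXTS:
                findings.append((info.filename, "double-extension-lnk"))
            elif is_lnk(head) and not name.endswith(".lnk"):
                findings.append((info.filename, "lnk-content-renamed"))
            elif name.endswith(".lnk"):
                findings.append((info.filename, "lnk-in-archive"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: header bytes only, no real shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Survey.docx.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", "plain text decoy\n")
        zf.writestr("notes.docx", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_archive(build_sample()):
        print(f"{reason}: {member}")
```

Windows hides the `.lnk` extension in Explorer even when "show file extensions" is enabled, which is why the name check is done on the archive listing rather than left to the user.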

IOC Table:
