asyncrat | 7edb2695de8a294a93f6ad48edb3b1e8199fbfbed4a6dd78c180e3c29e7eaae6 | Triage

Submit
Reports

Overview

overview

Static

static

45a4b56828...a0.exe

windows7_x64

45a4b56828...a0.exe

windows10-2004_x64

Sharing

General

Target

45a4b5682899474927c9184aaeeed2a0.exe
Size

41KB
Sample

220120-ynph5abdd3
MD5

45a4b5682899474927c9184aaeeed2a0
SHA1

07106912a9aff461a3b4e8201474e0a70c0c4afa
SHA256

7edb2695de8a294a93f6ad48edb3b1e8199fbfbed4a6dd78c180e3c29e7eaae6
SHA512

4b7206bb343e9bf0694f732a282a71bf24fbf3520656bb186323091762b64d8dbf4c4cd580e6f93ef5a1478ab6af47fef1a6264f51d380d23f40792478a1b161

Score

10^/10

asyncrat venom clients persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

45a4b5682899474927c9184aaeeed2a0.exe

Resource

win7-en-20211208

asyncrat venom clients persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

45a4b5682899474927c9184aaeeed2a0.exe

Resource

win10v2004-en-20220112

asyncrat venom clients persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT_HVNC 5.0.4

Botnet

Venom Clients

C2

188.119.112.140:4449

Mutex

Venom_RAT_Mutex_Venom_RAT

Attributes

anti_vm
false
bsod
false
delay
0
install
true
install_file
CvkjdhfWr.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  45a4b5682899474927c9184aaeeed2a0.exe
- Size
  
  41KB
- MD5
  
  45a4b5682899474927c9184aaeeed2a0
- SHA1
  
  07106912a9aff461a3b4e8201474e0a70c0c4afa
- SHA256
  
  7edb2695de8a294a93f6ad48edb3b1e8199fbfbed4a6dd78c180e3c29e7eaae6
- SHA512
  
  4b7206bb343e9bf0694f732a282a71bf24fbf3520656bb186323091762b64d8dbf4c4cd580e6f93ef5a1478ab6af47fef1a6264f51d380d23f40792478a1b161
Score

10^/10

asyncrat venom clients persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratvenom clientspersistencerat

behavioral2

asyncratvenom clientspersistencerat

© 2018-2024

Terms | Privacy