asyncrat | f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde | Triage

Submit
Reports

Overview

overview

Static

static

4029013#.exe

windows7-x64

4029013#.exe

windows10-2004-x64

Sharing

General

Target

f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde
Size

402KB
Sample

221004-ec5anabch2
MD5

ca0d504d89fbea69214e40b896079d8b
SHA1

0c43265dd0448395cc3c88fd9dcc828dc95ec016
SHA256

f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde
SHA512

a5f9d41e04157f6b15c8729d09cb65c546bfb288368476f62a87387d395305e9c3098d63eb7ab12b404273b6cc37513ae27d3f5e9ca0005d1e85fef43a091cbe
SSDEEP

3072:MxXrxqAHh+Pat+LUacwdKZnQ0NLqbm6rw7Yia9p3VvP:MxXrY0h+YZZXfWw8iIvP

Score

10^/10

asyncrat may 17 rat

Static task

static1

Behavioral task

behavioral1

Sample

4029013#.exe

Resource

win7-20220812-en

asyncrat may 17 rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4029013#.exe

Resource

win10v2004-20220812-en

asyncrat may 17 rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.4

Botnet

MAY 17

C2

paris-comrademay17.duckdns.org:25045

Mutex

kjauwydefagvrcku64y

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4029013#.exe
- Size
  
  300.0MB
- MD5
  
  41308dae88480a4eaf61b36767990bbe
- SHA1
  
  a347f3eb607df4c47b9473818866bcad6aef4e96
- SHA256
  
  190324c758fe4e21f2254d10bc9871b5e8a2e0f063a0b49f1680b3ee9f8da519
- SHA512
  
  ee0812562d7f0f16ea75ccc236ac85c986c47ed52fc75ffb8d1a21d9c62cb90855963d2678dfc01345e97f5435d320d0ba982d82f1d7395d066b843e49479c42
- SSDEEP
  
  3072:ZuDu8y65Hc4/+683JZbqaZ75yEzHX7NXjPP8shYd0CwbI+hRx:ZuDu8y65Hc4SrbqXEz37BjzugbIg
Score

10^/10

asyncrat may 17 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratmay 17rat

behavioral2

asyncratmay 17rat

© 2018-2024

Terms | Privacy