asyncrat | 373834225a126abde8256049e073b8e07bd06c7563f929783f441a1a63a88d1b | Triage

Submit
Reports

Overview

overview

Static

static

Image_Of_Victim.exe

windows7-x64

Image_Of_Victim.exe

windows10-2004-x64

Sharing

General

Target

Image_Of_Victim.exe
Size

1.9MB
Sample

221010-f5efdaahej
MD5

f1878e41af327064496e57f50d35395d
SHA1

b426d39e6928556a2b58d9147c3254b8fa6009a4
SHA256

373834225a126abde8256049e073b8e07bd06c7563f929783f441a1a63a88d1b
SHA512

ff28bbd0f3c7b04ba93f024d356cee092f14c3040b968ebae31bdd9116ed8762aadcec3ac3af3e06238a787ef87b5031d29acf708640c52ac80f55fdfcd89fdd
SSDEEP

49152:C5IoVKMQfTCFbMmHI6jduMG+XtbNztOsrStQ0pDWa:C5IoAMQfIr++dpztpStFJ

Score

10^/10

asyncrat venom clients collection rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Image_Of_Victim.exe

Resource

win7-20220901-en

asyncrat venom clients collection rat spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Image_Of_Victim.exe

Resource

win10v2004-20220812-en

asyncrat venom clients collection rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

tienMonkey-40774.portmap.io:40774

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Image_Of_Victim.exe
- Size
  
  1.9MB
- MD5
  
  f1878e41af327064496e57f50d35395d
- SHA1
  
  b426d39e6928556a2b58d9147c3254b8fa6009a4
- SHA256
  
  373834225a126abde8256049e073b8e07bd06c7563f929783f441a1a63a88d1b
- SHA512
  
  ff28bbd0f3c7b04ba93f024d356cee092f14c3040b968ebae31bdd9116ed8762aadcec3ac3af3e06238a787ef87b5031d29acf708640c52ac80f55fdfcd89fdd
- SSDEEP
  
  49152:C5IoVKMQfTCFbMmHI6jduMG+XtbNztOsrStQ0pDWa:C5IoAMQfIr++dpztpStFJ
Score

10^/10

asyncrat venom clients collection rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratvenom clientscollectionratspywarestealer

behavioral2

asyncratvenom clientscollectionratspywarestealer

© 2018-2024

Terms | Privacy