asyncrat | Client[.]exe | Triage

Sharing

General

Target

Client.exe
Size

63KB
MD5

bf1e0b700f4955c1bf6ff3d5cd010658
SHA1

6919b4a8c0443b02846717e0764e7052b34c00c2
SHA256

ce44ab513606e6ba64fee7a9f5d5cd236b57dc856374578dca043d84e00d8541
SHA512

c6168ee1ceb98c3eca66b6aa1f5503849dc94e357da016dd5a1a6697337a68fc57bc3d4cc83dbdb74b4ed2b959a0b1099c18e93470db53d339bfbe0858b20844
SSDEEP

1536:ZhIBLTM3Ufc0cMdmeeiIVUGbbXwLDxmcGbzpqKmY7:ZhIBLTM3Ufc6d/egGbbX2iwz

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

tienMonkey-40774.portmap.io:40774

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

Client.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ