asyncrat | 0a9dfb33e18c0a9eefff09279a8bee5fdaaf091a2758504a589e2024c777a608 | Triage

Sharing

General

Target

WKR001.zip
Size

407KB
Sample

221018-x35cfsdcg3
MD5

9c3af373fd11566c1a704ee1714abe67
SHA1

61da64a60e4322fb92dc1920a30db8a5ca4eeb55
SHA256

0a9dfb33e18c0a9eefff09279a8bee5fdaaf091a2758504a589e2024c777a608
SHA512

2f4b6ca8af60b44036e67e0c890bfc1484825bb60c0a8570f05fe41f8e13ae90ebcf1b0da4ce441548f428da4d6b60876b78956f6b814254fd704294af6b9811
SSDEEP

3072:+1/rsILCP7Riu2P4LbLLARDzTmYlsBazywfYug:+1sImP7iQLkRjTUsYr

Score

10^/10

asyncrat venom clients rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

Venom Clients

C2

ry8325585.duckdns.org:6087

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://schoolcrypter.com/dll_startup

Targets

- Target
  
  WKR001.EXE
- Size
  
  300.0MB
- MD5
  
  ec0d7bfce7fe535906d4cc5e8eaa977e
- SHA1
  
  04dd52f75415fee6f61077e07aa9e744de857b3a
- SHA256
  
  a766403403d3c3de2ff965fbf148bcd56048b56d10e4dc65a702566669855016
- SHA512
  
  02029fedd33ec22482bd7ec796fde86b462c1ee7a92a443a6a8306d7c42c2e1c32086db4b927465956c20e600028904db8b0580a7c23d9af83cf4f4e9c9a21d4
- SSDEEP
  
  3072:cndCXcnX7ChnAAD6OByB6/lEsu0rmvHsMvIBk5z:cdCLDpByS3ryHsMvIBkt
Score

10^/10

asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  WKR002.VBS
- Size
  
  236KB
- MD5
  
  7a52bb9f2fb57ce1bff8bd3f692d40ca
- SHA1
  
  bb39b944eb06e987eae9ccaa7f1d4b93bc72a89f
- SHA256
  
  93945370001cf9fb955aee425a60717a446a7e86c89edef0c8e862cbf588f0cb
- SHA512
  
  fe57c25777e12b3b563109e6186546286a05203650f089a02e179084a0bd48efc62e050d3efbb34089402686fdb53c9ed71347978d0d9b85602f5485ae32a1a3
- SSDEEP
  
  24:QnOilyjOMyE2aL8gVEuMvywFfV7N9Riwnwm43YQ7FYiVLneMDTFv9vPvW0mEOSRp:y16OeqyYLQeMHNOSAgHyLKhB
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenom clientsrat

behavioral2

asyncratvenom clientsrat

behavioral3

behavioral4