asyncrat | 27f280d295573e4763a9daed3776439e637a38a05a874a22f0f0bd347356a0a5 | Triage

Sharing

General

Target

ManyCam.rar
Size

33.7MB
Sample

221126-th5kyafd37
MD5

f7a4d8174e52ac4e6e85bbd1301bc63f
SHA1

490d4860622e22b37951b84a34db562cb060acbf
SHA256

27f280d295573e4763a9daed3776439e637a38a05a874a22f0f0bd347356a0a5
SHA512

e0179546b2d388b04e96d5e84553ca0ff0d2ceddd40728f20ea0de7cafa1f90b12c3579e117fd543e4132ea63356dce1dc2338d72aabae40bf21f7993ecbeef6
SSDEEP

786432:FS9Lh/PvLZlPJ7IMw+Y266E1opEkY4MWMTzeRnATCACJcD6/yZ33BRv:FS99FHEf+JNCfnoAH3x

Score

10^/10

asyncrat venom clients rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
Minecraft 1.8.8.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ManyCam/ManyCam.exe
- Size
  
  82KB
- MD5
  
  19d152e29f5641ab93b644e95301608b
- SHA1
  
  b5c53d40573640edc69604f297519905e1ba33c7
- SHA256
  
  896ed7dd5ab6fee52d1fc67a1f45dd2d7ae6a2ea31abc12ec9119764aa8841db
- SHA512
  
  96cf90d2a6b9d81f8e003c325f4a2e00ee15868680f2fa6a24673d97d2beb4b93762b0fe59afbde9fb858b83b32505f08e8b4c1cbd7ac6f0a2acc57738668efb
- SSDEEP
  
  1536:/hJBLTM3UfcYc7dI6k2lMv4GbbimkcG5KuYxlWnd841ciQZpqKmY7:/hJBLTM3UfcVdzkuGbbiyKWiQCz
Score

10^/10

asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
behavioral1
- Target
  
  ManyCam/gameassistant64.exe
- Size
  
  1.5MB
- MD5
  
  3c09e05e76a98ac8f4c03cd695c6688f
- SHA1
  
  0e15dd61d09ad84e2c1964399d6dd0dcd1a14af1
- SHA256
  
  d281e357f38a64933880b527af361857f4e268a4810e0a621994a0eeb41d2a3f
- SHA512
  
  16817a4458e4380fc88962d5ed7dfe1fe136ec2d64dbb5a60a837e1c9b2f3692538aee2b996986159114263264095d1a51b1b7e53c97d82198b63ac75804ec46
- SSDEEP
  
  24576:U2+u5MDpaCLOCQ5UVsMv4qJ2JPyVPbuiDU6WbNHTKBL1Hc2l0s9vmgRumRg:U2+u5apVQ5ov4qkJ6VPEn1k5L10
Score

7^/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratvenom clientsasyncrat

behavioral1

asyncratvenom clientsrat

behavioral2