asyncrat | 538f828e062bb8200c9947698aa8d57281fb41df64e29bae5d148fc3b2983c36 | Triage

Submit
Reports

Overview

overview

Static

static

6474c38705...97.exe

windows7-x64

6474c38705...97.exe

windows10-2004-x64

Sharing

General

Target

6474c38705ed24203c4f2c1386465b97.exe
Size

1.2MB
Sample

221205-rwallshd33
MD5

6474c38705ed24203c4f2c1386465b97
SHA1

afecee20116234fb98d5ce66bb99dd71de43796c
SHA256

538f828e062bb8200c9947698aa8d57281fb41df64e29bae5d148fc3b2983c36
SHA512

bb3ef85bb1fd87245095aa68503347f3ee4452b871f26b4dd90a100e4d08b0164f96147c4a7f2a50d3c153bc26e162d9edf0bf68a37b1a3cf6b0915ee52a2e05
SSDEEP

12288:m7Xw8/7fKSkzJNolKRASwx7IkN24DLbwTDzGPNPbegfKk7ZT1uQOXVtOt5kYgkmI:mP7iqlKDw+m24D0cbDZuQmS5kme

Score

10^/10

asyncrat venom clients evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

6474c38705ed24203c4f2c1386465b97.exe

Resource

win7-20221111-en

asyncrat venom clients evasion rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6474c38705ed24203c4f2c1386465b97.exe

Resource

win10v2004-20221111-en

asyncrat venom clients evasion rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT+HVNC+Stealer Version:5.0.8

Botnet

Venom Clients

C2

79.137.207.151:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT066840

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  6474c38705ed24203c4f2c1386465b97.exe
- Size
  
  1.2MB
- MD5
  
  6474c38705ed24203c4f2c1386465b97
- SHA1
  
  afecee20116234fb98d5ce66bb99dd71de43796c
- SHA256
  
  538f828e062bb8200c9947698aa8d57281fb41df64e29bae5d148fc3b2983c36
- SHA512
  
  bb3ef85bb1fd87245095aa68503347f3ee4452b871f26b4dd90a100e4d08b0164f96147c4a7f2a50d3c153bc26e162d9edf0bf68a37b1a3cf6b0915ee52a2e05
- SSDEEP
  
  12288:m7Xw8/7fKSkzJNolKRASwx7IkN24DLbwTDzGPNPbegfKk7ZT1uQOXVtOt5kYgkmI:mP7iqlKDw+m24D0cbDZuQmS5kme
Score

10^/10

asyncrat venom clients evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratvenom clientsevasionrat

behavioral2

asyncratvenom clientsevasionrat

© 2018-2024

Terms | Privacy