General

  • Target

    Client.exe

  • Size

    74KB

  • Sample

    230430-ffls6aad8y

  • MD5

    3566c4f706bbebb67878a461e23dc196

  • SHA1

    988d9336640ae8c8f59d7ee40e5cbb01a72f47a5

  • SHA256

    3b475cf40bdd62b35e9804b7cb8dafbe706e6dde37780dc6d0dbba22caf20d2c

  • SHA512

    9c00a17b07896307af56b229587158babdd50ae2bae7564c4cf7f18ad326d4617e4a0fba4ad49a603fc10cc505e057bf9fe492645bc97b3bc2d45e927f361fe0

  • SSDEEP

    1536:hUjacx+pEgCC8PMVHe9VdQuDI6H1bf/CBQQzcyLVclN:hUGcx+Dt8PMVHe9VdQsH1bf6yQjBY

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom Pwn3rzs' Edtition v6.0.1

  • Botnet

    2023

  • C2

    85.192.40.255:4449

  • Mutex

    dsyuvsavyiusayviolusayiulvasikuviu

  • Attributes

      • delay

        1

      • install

        true

      • install_file

        fuikvhafdjkbvjksfdbjhkshdfkjbhajdkfbjkhdsagfhjdsajbgdjhksfagbhjikdfsgjhbkg.exe

      • install_folder

        %AppData%

  • aes.plain

Targets

    • Target

      Client.exe

    • Size

      74KB

    • MD5

      3566c4f706bbebb67878a461e23dc196

    • SHA1

      988d9336640ae8c8f59d7ee40e5cbb01a72f47a5

    • SHA256

      3b475cf40bdd62b35e9804b7cb8dafbe706e6dde37780dc6d0dbba22caf20d2c

    • SHA512

      9c00a17b07896307af56b229587158babdd50ae2bae7564c4cf7f18ad326d4617e4a0fba4ad49a603fc10cc505e057bf9fe492645bc97b3bc2d45e927f361fe0

    • SSDEEP

      1536:hUjacx+pEgCC8PMVHe9VdQuDI6H1bf/CBQQzcyLVclN:hUGcx+Dt8PMVHe9VdQsH1bf6yQjBY

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

  • Discovery

    Query Registry, T1012 (3)

    System Information Discovery, T1082 (2)

Tasks