asyncrat | 6d4d71c94b1613f2bce90d54971e115c33fc57f3d78965cf219754c9393d263b | Triage

Submit
Reports

Overview

overview

Static

static

1

57875.exe

windows7-x64

57875.exe

windows10-2004-x64

Sharing

General

Target

57875.exe
Size

350KB
Sample

230523-wheevsge35
MD5

5616b95c1b71f2a56742274bec64cfc3
SHA1

1b092dbe0a5c797f89d52d853dc4f23a7d0dc87c
SHA256

6d4d71c94b1613f2bce90d54971e115c33fc57f3d78965cf219754c9393d263b
SHA512

86b92910f06320ae2500690a96111cc25a965858c6b86b5b649f884d43f942c0923a3ac35f694685ce75bb52fdd1c262dfa7058a8e7d059da4aa6be3aa3db93b
SSDEEP

6144:FjfgX5fZLs1RIu4FsFp7GUb8x9mTnQGo7Q7k91LQqWPzTg3:5YXhZLsyFMQUb8IQ/7R1UqWPzTg3

Score

10^/10

asyncrat default evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

57875.exe

Resource

win7-20230220-en

asyncrat default evasion persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

57875.exe

Resource

win10v2004-20230220-en

asyncrat default evasion persistence rat trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.1

Botnet

Default

C2

151.80.52.38:4449

Mutex

ctbrvrbjbpdrrmujx

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  57875.exe
- Size
  
  350KB
- MD5
  
  5616b95c1b71f2a56742274bec64cfc3
- SHA1
  
  1b092dbe0a5c797f89d52d853dc4f23a7d0dc87c
- SHA256
  
  6d4d71c94b1613f2bce90d54971e115c33fc57f3d78965cf219754c9393d263b
- SHA512
  
  86b92910f06320ae2500690a96111cc25a965858c6b86b5b649f884d43f942c0923a3ac35f694685ce75bb52fdd1c262dfa7058a8e7d059da4aa6be3aa3db93b
- SSDEEP
  
  6144:FjfgX5fZLs1RIu4FsFp7GUb8x9mTnQGo7Q7k91LQqWPzTg3:5YXhZLsyFMQUb8IQ/7R1UqWPzTg3
Score

10^/10

asyncrat default evasion persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Async RAT payload
  rat
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultevasionpersistencerattrojan

behavioral2

asyncratdefaultevasionpersistencerattrojan

© 2018-2025

Terms | Privacy