asyncrat | 88d89c64844f2998fc5320712297a9c8b3605d3bca0961e8c9a7cfc57532e28f | Triage

Sharing

General

Target

02804199.exe
Size

279KB
Sample

230603-x8wbqshg72
MD5

66d490d2d1e22c1f34a587d4540b5e20
SHA1

aeef8572e21ad99eb2bedcaa7be314fcb494fe69
SHA256

88d89c64844f2998fc5320712297a9c8b3605d3bca0961e8c9a7cfc57532e28f
SHA512

e24f544d8665f288862019e24020a5ffc9ac436267ebd3fdf294b5676ea372fec06e25ea89e8ae8312e35590aa102bf41f1a771c3c74b5907a8bf105990214e4
SSDEEP

6144:AFPMOf+wMAywM0EJksnqmSeXsm81cbsXN:AFPdfNMz0ECHLKs7ksXN

Score

10^/10

asyncrat redline all product - target - video new rai tay discovery evasion infostealer rat spyware stealer trojan

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.1

Botnet

new rai tay

C2

144.202.52.245:4449

Mutex

clfdboaluvjjxdlt

Attributes

delay
1
install
true
install_file
kyovn.exe
install_folder
%Temp%

aes.plain

Extracted

Family

redline

Botnet

All Product - target - video

C2

144.202.52.245:41294

Attributes

auth_value
f2bfa99f6737e17a57ce9c0a192eedbd

Targets

- Target
  
  02804199.exe
- Size
  
  279KB
- MD5
  
  66d490d2d1e22c1f34a587d4540b5e20
- SHA1
  
  aeef8572e21ad99eb2bedcaa7be314fcb494fe69
- SHA256
  
  88d89c64844f2998fc5320712297a9c8b3605d3bca0961e8c9a7cfc57532e28f
- SHA512
  
  e24f544d8665f288862019e24020a5ffc9ac436267ebd3fdf294b5676ea372fec06e25ea89e8ae8312e35590aa102bf41f1a771c3c74b5907a8bf105990214e4
- SSDEEP
  
  6144:AFPMOf+wMAywM0EJksnqmSeXsm81cbsXN:AFPdfNMz0ECHLKs7ksXN
Score

10^/10

evasion trojan asyncrat redline all product - target - video new rai tay discovery infostealer rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- UAC bypass
  evasion trojan
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratredlineall product - target - videonew rai taydiscoveryevasioninfostealerratspywarestealertrojan