asyncrat | 6d1374bb816d1e54b4cffae41830837e0c83985156a4b33f5dbce644bdb61de9 | Triage

Resubmissions

23-09-2023 06:54

230923-hpl7dsdf3x 10

22-09-2023 05:10

230922-ftprzafc57 10

Sharing

General

Target

APT malware.zip
Size

1.7MB
Sample

230922-ftprzafc57
MD5

e592b6b828fb175e0b00840e7d79a3b8
SHA1

48ad32246f2fea1888e8a084258607f5a9988a24
SHA256

6d1374bb816d1e54b4cffae41830837e0c83985156a4b33f5dbce644bdb61de9
SHA512

47083251696dcf0a5b5a489a9e000c3c2c8a1d110905b4460a6862f3669db3927fec90543c93d030b22b406efb7db0dc3344e85d6c478d649e1e4afba96061f3
SSDEEP

49152:kboYzEp67lBFpmR35Qap7+FmUMhQlSfqUT6mz6z6:kbjz267lpSQap7tUmqSfLLz6z6

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://139.84.231.199:8080/get/CF6frm57nj/mta.dll

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:31507

Mutex

ajmlxbvgoegjpkevdnz

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ekeng-mta.exe
- Size
  
  3.5MB
- MD5
  
  cbbad2e2170ee73c2bfdacdade718d29
- SHA1
  
  dcab4fafa0387c0b4f5b700763cea78afb092024
- SHA256
  
  3a679cb98f88d7d6bd84dcfe9717238c08c05942055bdb798103224e7f2f2ca9
- SHA512
  
  a4133f07ad8de23c82e164ee2bee32704efaf119cd4f1142145fca8688094b485317722db030e70fadeb8237a20dbded71f9340cafad8cdd982a1011da6fccca
- SSDEEP
  
  98304:R/YJIkkCBJroBdDv6Lj9uGQdT7Nx2Yn686n:R/0
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  mta.dll
- Size
  
  734KB
- MD5
  
  e1d068a143a5f2aaa98f231dfcfb0e72
- SHA1
  
  f5145ec20482b39b727e980169da92e36d4c5a6e
- SHA256
  
  7862632e456cc07a91d22aacd67333298369a502fb60c45c882fd62f6e9f5907
- SHA512
  
  6f1642c244d9e89ad7696004f67e0bb32eac0277454e18f4da19299c184bcc991aaa504c4f5b1c75ce80bfda3b695deca6027c3d135c3e1ad71e684ea8a27a11
- SSDEEP
  
  12288:mJpJ1Th7wGcxynJX05ZBnoKLiqjBHAaAtqNjhDtqNjhK:IpZqsgeVa2qNnqNo
Score

1^/10
behavioral3 behavioral4
- Target
  
  mta.ps1
- Size
  
  743B
- MD5
  
  d4567ca45aded54298f9ccf063ed89cf
- SHA1
  
  72ef210030f0f470433a6aacc66dfbe4cbfdad5c
- SHA256
  
  60416198c9b2105c9204638fd00e154e2f5c32ba45f5a8ae2671bae565c062e9
- SHA512
  
  e616e9711a76525a30063b226c1c11131c30199a5cdb6389b6867e8a626d49abfa43c549f83f068fe7dfbe99c62c124ff838e318807ad65e8cd5db318088331e
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
behavioral5 behavioral6

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

behavioral3

behavioral4

behavioral5

asyncratdefaultrat

behavioral6

asyncratdefaultrat