asyncrat | 6d1374bb816d1e54b4cffae41830837e0c83985156a4b33f5dbce644bdb61de9 | Triage

Resubmissions

23-09-2023 06:54

230923-hpl7dsdf3x 10

22-09-2023 05:10

230922-ftprzafc57 10

Sharing

General

Target

APT malware.zip
Size

1.7MB
Sample

230923-hpl7dsdf3x
MD5

e592b6b828fb175e0b00840e7d79a3b8
SHA1

48ad32246f2fea1888e8a084258607f5a9988a24
SHA256

6d1374bb816d1e54b4cffae41830837e0c83985156a4b33f5dbce644bdb61de9
SHA512

47083251696dcf0a5b5a489a9e000c3c2c8a1d110905b4460a6862f3669db3927fec90543c93d030b22b406efb7db0dc3344e85d6c478d649e1e4afba96061f3
SSDEEP

49152:kboYzEp67lBFpmR35Qap7+FmUMhQlSfqUT6mz6z6:kbjz267lpSQap7tUmqSfLLz6z6

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://139.84.231.199:8080/get/CF6frm57nj/mta.dll

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:31507

Mutex

ajmlxbvgoegjpkevdnz

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  APT malware.zip
- Size
  
  1.7MB
- MD5
  
  e592b6b828fb175e0b00840e7d79a3b8
- SHA1
  
  48ad32246f2fea1888e8a084258607f5a9988a24
- SHA256
  
  6d1374bb816d1e54b4cffae41830837e0c83985156a4b33f5dbce644bdb61de9
- SHA512
  
  47083251696dcf0a5b5a489a9e000c3c2c8a1d110905b4460a6862f3669db3927fec90543c93d030b22b406efb7db0dc3344e85d6c478d649e1e4afba96061f3
- SSDEEP
  
  49152:kboYzEp67lBFpmR35Qap7+FmUMhQlSfqUT6mz6z6:kbjz267lpSQap7tUmqSfLLz6z6
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat