asyncrat | 370e164fc6451e82e42ca5cdd39b30d50cd4b4c6b8f25c17a2edfeb362330d8a | Triage

Submit
Reports

Overview

overview

Static

static

gf.exe

windows10-2004-x64

gf.exe

windows11-21h2-x64

Sharing

General

Target

gf.exe
Size

63KB
Sample

240124-sgsz3sdbh6
MD5

d82e9c12d9548d1acd3be6d715d7e19e
SHA1

df382e180890ba08ce00bc7eff46370a40e91c22
SHA256

370e164fc6451e82e42ca5cdd39b30d50cd4b4c6b8f25c17a2edfeb362330d8a
SHA512

ed18c791ff99602a21dd8f9a54a6b66757029ec36f25df27d93f79dd3572e8391d61fae95eb33d449b6cf8cccf1b1e83d2bdcf92e11a281668d766dd4efcdf9c
SSDEEP

1536:Wvw4ZBAbazxvutlT+GbbSwLKd4mSGuDpqKmY7:WvhIaz1KQGbbSiKdB8gz

Score

10^/10

asyncrat venom clients rat

Static task

static1

rat venom clients asyncrat

3 signatures

Behavioral task

behavioral1

Sample

gf.exe

Resource

win10v2004-20231222-en

asyncrat venom clients rat

windows10-2004-x64

11 signatures

600 seconds

Behavioral task

behavioral2

Sample

gf.exe

Resource

win11-20231215-en

asyncrat venom clients rat

windows11-21h2-x64

10 signatures

600 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:42474

176.150.69.221:42474

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
aaaaaaaaaaaaaaaaaaaaaa.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  gf.exe
- Size
  
  63KB
- MD5
  
  d82e9c12d9548d1acd3be6d715d7e19e
- SHA1
  
  df382e180890ba08ce00bc7eff46370a40e91c22
- SHA256
  
  370e164fc6451e82e42ca5cdd39b30d50cd4b4c6b8f25c17a2edfeb362330d8a
- SHA512
  
  ed18c791ff99602a21dd8f9a54a6b66757029ec36f25df27d93f79dd3572e8391d61fae95eb33d449b6cf8cccf1b1e83d2bdcf92e11a281668d766dd4efcdf9c
- SSDEEP
  
  1536:Wvw4ZBAbazxvutlT+GbbSwLKd4mSGuDpqKmY7:WvhIaz1KQGbbSiKdB8gz
Score

10^/10

asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratvenom clientsasyncrat

behavioral1

asyncratvenom clientsrat

behavioral2

asyncratvenom clientsrat

© 2018-2024

Terms | Privacy