asyncrat | d05ad3dc62e1dc45fd31dc2382c1ea5e5f26f4f7692cb2ef8fd1c6e74b69fa16 | Triage

Sharing

General

Target

INV0ICE_#TBSBVS0Y3BDSMMX.bat
Size

304KB
Sample

240222-sye5jscb86
MD5

32d3c2bfedc7408eba2e9794fa0aa234
SHA1

4a3f3e9d2bbd0f1f5a0e217d05e75b5bb3b2f1a7
SHA256

d05ad3dc62e1dc45fd31dc2382c1ea5e5f26f4f7692cb2ef8fd1c6e74b69fa16
SHA512

266ea8c5189b7a6f2e1fb74cef4e349078a5a9e3f1b918f33222a6f1f68d48ac901508020dfcc6c7e90aae4f0d35758bd31702c57118ec2d61702b6c4da13dd7
SSDEEP

6144:I3EFaqImw+8n0S8Or8VY1rcEIYN2z/MFCGD1rofsIrEp3lxFIK6Exj2RthLiGBkT:+qji0SRr84rc9zUYG67rOVIYgR+gBvZc

Score

10^/10

asyncrat venom clients rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

febvenom8.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  INV0ICE_#TBSBVS0Y3BDSMMX.bat
- Size
  
  304KB
- MD5
  
  32d3c2bfedc7408eba2e9794fa0aa234
- SHA1
  
  4a3f3e9d2bbd0f1f5a0e217d05e75b5bb3b2f1a7
- SHA256
  
  d05ad3dc62e1dc45fd31dc2382c1ea5e5f26f4f7692cb2ef8fd1c6e74b69fa16
- SHA512
  
  266ea8c5189b7a6f2e1fb74cef4e349078a5a9e3f1b918f33222a6f1f68d48ac901508020dfcc6c7e90aae4f0d35758bd31702c57118ec2d61702b6c4da13dd7
- SSDEEP
  
  6144:I3EFaqImw+8n0S8Or8VY1rcEIYN2z/MFCGD1rofsIrEp3lxFIK6Exj2RthLiGBkT:+qji0SRr84rc9zUYG67rOVIYgR+gBvZc
Score

10^/10

asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

asyncratvenom clientsrat