Overview

overview

10

Static

static

10

Clientfor triage.exe

windows7-x64

10

Clientfor triage.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Clientfor triage.exe

  • Size

    74KB

  • Sample

    240417-wyr1wshh73

  • MD5

    df7dfc7f1ca5217aa7fa6c5fa6de3d14

  • SHA1

    2ba55b118b80361989f879bf85b83ef1beccba54

  • SHA256

    936d1f245521d1bb692693036b4a4e8f5942768fd0faecbe6fe0d288f0d6fd50

  • SHA512

    c989eca51d23f719875ad7a871ce4f037c01ab275dc9e1b83a11a83dcac71e4bd63d6c5fa884fbcc9fb18bdaa006376fb41310deffda7873f8c6726059924619

  • SSDEEP

    1536:2Ume0cxFVTuCGbPMVoKEV9kIQ71bI/8VQzc2LVclN:2Um3cxFVaBbPMVvEVs71bI0VQPBY

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

94.156.8.65:8080

Mutex

asd

Attributes
  • delay

    1

  • install

    true

  • install_file

    asd.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Clientfor triage.exe

    • Size

      74KB

    • MD5

      df7dfc7f1ca5217aa7fa6c5fa6de3d14

    • SHA1

      2ba55b118b80361989f879bf85b83ef1beccba54

    • SHA256

      936d1f245521d1bb692693036b4a4e8f5942768fd0faecbe6fe0d288f0d6fd50

    • SHA512

      c989eca51d23f719875ad7a871ce4f037c01ab275dc9e1b83a11a83dcac71e4bd63d6c5fa884fbcc9fb18bdaa006376fb41310deffda7873f8c6726059924619

    • SSDEEP

      1536:2Ume0cxFVTuCGbPMVoKEV9kIQ71bI/8VQzc2LVclN:2Um3cxFVaBbPMVvEVs71bI0VQPBY

    Score
    10/10
    asyncratdefaultdiscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks