asyncrat | 7c680a2e8e309a90a18ec45b16af3514ecbe43d761968c6c94d76144fcba9b79 | Triage

Submit
Reports

Overview

overview

Static

static

erwer.exe

windows7-x64

erwer.exe

windows10-2004-x64

Sharing

General

Target

erwer.exe
Size

63KB
Sample

240427-mym79shf4t
MD5

f37b2278ca7f7064cb00956fa2dfc9c0
SHA1

a70187d714d5dcfbdaa67fbb789452e63e433812
SHA256

7c680a2e8e309a90a18ec45b16af3514ecbe43d761968c6c94d76144fcba9b79
SHA512

8b88b80126a86c3433c2a9f04999b0c90835ef955a1a50271d6164468585038e92716066e660915e8668a703d5029d6546d8d90bab6341a1cc4ff508b39f76b4
SSDEEP

1536:shBxLDlw0eEUzsUtjTk0vfTwrGbb/wChxGCDpqKmY7:shBxLDlw0dUvtjTk0XTaGbb/Rhhgz

Score

10^/10

asyncrat venom clients rat

Static task

static1

rat venom clients asyncrat

3 signatures

Behavioral task

behavioral1

Sample

erwer.exe

Resource

win7-20240221-en

asyncrat venom clients rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

erwer.exe

Resource

win10v2004-20240419-en

asyncrat venom clients rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
hthtrth.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  erwer.exe
- Size
  
  63KB
- MD5
  
  f37b2278ca7f7064cb00956fa2dfc9c0
- SHA1
  
  a70187d714d5dcfbdaa67fbb789452e63e433812
- SHA256
  
  7c680a2e8e309a90a18ec45b16af3514ecbe43d761968c6c94d76144fcba9b79
- SHA512
  
  8b88b80126a86c3433c2a9f04999b0c90835ef955a1a50271d6164468585038e92716066e660915e8668a703d5029d6546d8d90bab6341a1cc4ff508b39f76b4
- SSDEEP
  
  1536:shBxLDlw0eEUzsUtjTk0vfTwrGbb/wChxGCDpqKmY7:shBxLDlw0dUvtjTk0XTaGbb/Rhhgz
Score

10^/10

asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratvenom clientsasyncrat

behavioral1

asyncratvenom clientsrat

behavioral2

asyncratvenom clientsrat

© 2018-2024

Terms | Privacy