asyncrat | 6ba9d2abe4be109e9555c35ce930c31a3602f5d08148baabaa35582b66dcad0e | Triage

Submit
Reports

Overview

overview

Static

static

1

فينوم رات.txt

windows10-1703-x64

Sharing

General

Target

فينوم رات.txt
Size

271B
Sample

240506-zhwkxsdc87
MD5

c88aef6c0f86426249f9b9bf56fc4705
SHA1

4e29828dfa4bdd451ccb0da2b99d264d4ea8a703
SHA256

6ba9d2abe4be109e9555c35ce930c31a3602f5d08148baabaa35582b66dcad0e
SHA512

147556c3c11c9220833616ea5d4f69ceaf8f0fc0f0ac19606df32b7d8c757afc9c24fd5a4be8b563cfe708630905d77777d6ccf931419b162c191e19e4f9f419

Score

10^/10

asyncrat xworm zgrat default venom clients persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

فينوم رات.txt

Resource

win10-20240404-en

asyncrat xworm zgrat default venom clients persistence rat trojan

windows10-1703-x64

37 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
123.exe
install_folder
%Temp%

aes.plain

Extracted

Family

xworm

C2

209.25.141.181:31533

Attributes

Install_directory
%Temp%
install_file
INCCHECK.exe

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes

delay
1
install
true
install_file
UnregisterResize.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  فينوم رات.txt
- Size
  
  271B
- MD5
  
  c88aef6c0f86426249f9b9bf56fc4705
- SHA1
  
  4e29828dfa4bdd451ccb0da2b99d264d4ea8a703
- SHA256
  
  6ba9d2abe4be109e9555c35ce930c31a3602f5d08148baabaa35582b66dcad0e
- SHA512
  
  147556c3c11c9220833616ea5d4f69ceaf8f0fc0f0ac19606df32b7d8c757afc9c24fd5a4be8b563cfe708630905d77777d6ccf931419b162c191e19e4f9f419
Score

10^/10

asyncrat xworm zgrat default venom clients persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Detect ZGRat V1
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratxwormzgratdefaultvenom clientspersistencerattrojan

© 2018-2025

Terms | Privacy