asyncrat | e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728 | Triage

Sharing

General

Target

las.cmd
Size

6KB
Sample

240523-t6wypshd3s
MD5

1b315096e07f2cbe4bb1dae37bf115e5
SHA1

183d4109803b7de7f8c679e5cf12d215bd6b3871
SHA256

e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728
SHA512

b7d3fa6cbb79537c827bf80b29c0be4b11036922717d05ae79e301071651c7a1cbcf114fa1b9b0459e874c01de24bc78d67f171ecc9bba09f0ba039a7fea2683
SSDEEP

96:k+m8Z1rXchtQtvV3c7FK+37kcu/WlJVhe9glzjAqvko644Omqnds29D6tCmXPWC7:B6hQOKM7kc3De9glzjFkFXCj9DACy

Score

10^/10

asyncrat venom clients execution rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xvern429.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  las.cmd
- Size
  
  6KB
- MD5
  
  1b315096e07f2cbe4bb1dae37bf115e5
- SHA1
  
  183d4109803b7de7f8c679e5cf12d215bd6b3871
- SHA256
  
  e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728
- SHA512
  
  b7d3fa6cbb79537c827bf80b29c0be4b11036922717d05ae79e301071651c7a1cbcf114fa1b9b0459e874c01de24bc78d67f171ecc9bba09f0ba039a7fea2683
- SSDEEP
  
  96:k+m8Z1rXchtQtvV3c7FK+37kcu/WlJVhe9glzjAqvko644Omqnds29D6tCmXPWC7:B6hQOKM7kc3De9glzjFkFXCj9DACy
Score

10^/10

asyncrat venom clients execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenom clientsexecutionrat

behavioral2

asyncratvenom clientsexecutionrat