asyncrat | c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c | Triage

Sharing

General

Target

sample.cmd
Size

111KB
Sample

240523-w8xdcscb23
MD5

934330a37a7b1380047366d135ff1423
SHA1

1cadd58c7e7475277d23b924b3dac8aad567bf44
SHA256

c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c
SHA512

844b523cb12393b97a9807fd4b5bd9b811a7482a4d9865a0b3c7ccdce889222671f86bd87cc8a0ec25abefe62d8e33a871434114847fea58bf8bc73bc411362a
SSDEEP

3072:/HPsUJ1lTMxqWITymQ57Leimw/gU0x1DzfsxciNpU3:XTWITymEeiWUxFy

Score

10^/10

asyncrat venom clients execution rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xvern429.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  sample.cmd
- Size
  
  111KB
- MD5
  
  934330a37a7b1380047366d135ff1423
- SHA1
  
  1cadd58c7e7475277d23b924b3dac8aad567bf44
- SHA256
  
  c2ab16802765ebcfe21f21aabd351c846bbea9140835c23579f9d0e26f9bdf2c
- SHA512
  
  844b523cb12393b97a9807fd4b5bd9b811a7482a4d9865a0b3c7ccdce889222671f86bd87cc8a0ec25abefe62d8e33a871434114847fea58bf8bc73bc411362a
- SSDEEP
  
  3072:/HPsUJ1lTMxqWITymQ57Leimw/gU0x1DzfsxciNpU3:XTWITymEeiWUxFy
Score

10^/10

execution asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenom clientsexecutionrat