asyncrat | b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953 | Triage

Submit
Reports

Overview

overview

Static

static

1

b84eb71198...53.cmd

windows7-x64

b84eb71198...53.cmd

windows10-2004-x64

Sharing

General

Target

b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953.cmd
Size

6KB
Sample

240524-b2x14agg84
MD5

7b90a6964decffe69d5a3f43d4285498
SHA1

9e2982f4c58624952f26322fd7eff379af540586
SHA256

b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953
SHA512

f95ac4691adb65fe56c981567c2ea79bb786f38305ae0280da1c41f48c7f34d72fdc22737835096046590036353ec33295f1c6378987f1d9354356accd650b68
SSDEEP

96:Svgs1WudsEONjKlXPi3+mB0AT1DLkHjXTIo6wwPtsRmNga74vGyr:SN0ysEOKjMlTxiDEwqtLNga0N

Score

10^/10

asyncrat venom clients execution rat

Static task

static1

Behavioral task

behavioral1

Sample

b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953.cmd

Resource

win7-20240419-en

asyncrat venom clients execution rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953.cmd

Resource

win10v2004-20240508-en

asyncrat venom clients execution rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xvern429.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953.cmd
- Size
  
  6KB
- MD5
  
  7b90a6964decffe69d5a3f43d4285498
- SHA1
  
  9e2982f4c58624952f26322fd7eff379af540586
- SHA256
  
  b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953
- SHA512
  
  f95ac4691adb65fe56c981567c2ea79bb786f38305ae0280da1c41f48c7f34d72fdc22737835096046590036353ec33295f1c6378987f1d9354356accd650b68
- SSDEEP
  
  96:Svgs1WudsEONjKlXPi3+mB0AT1DLkHjXTIo6wwPtsRmNga74vGyr:SN0ysEOKjMlTxiDEwqtLNga0N
Score

10^/10

asyncrat venom clients execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detects executables attemping to enumerate video devices using WMI
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratvenom clientsexecutionrat

behavioral2

asyncratvenom clientsexecutionrat

© 2018-2024

Terms | Privacy