asyncrat | c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0 | Triage

Submit
Reports

Overview

overview

Static

static

1

c993fe1977...e0.cmd

windows7-x64

8

c993fe1977...e0.cmd

windows10-2004-x64

Sharing

General

Target

c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0.cmd
Size

82KB
Sample

240524-b44lnagg5z
MD5

0c9dd4a4644d5271be6bf540daccb191
SHA1

452415383fd54926ce19f8f78258dc57d87c98ef
SHA256

c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0
SHA512

194d82615358dfc579e508768e2b2e3357069ea626cf90415f58459943a147e0c58d600091bf8840c1e06db9962ca01b3cd2cf9f1ee3d6685bd8d62a6219eab5
SSDEEP

1536:cHkGj8vp9NrhTu1iCrjNk9CRsphfkA0tNJxCK9dLbw3/4cLT4H/INmxklg:cHB8nrhTu1L8CRsp+RtIK4v3nUcM

Score

10^/10

asyncrat venom clients execution rat

Static task

static1

Behavioral task

behavioral1

Sample

c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0.cmd

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0.cmd

Resource

win10v2004-20240426-en

asyncrat venom clients execution rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

undjsj.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0.cmd
- Size
  
  82KB
- MD5
  
  0c9dd4a4644d5271be6bf540daccb191
- SHA1
  
  452415383fd54926ce19f8f78258dc57d87c98ef
- SHA256
  
  c993fe19772483493944a04b83c5842049b2ddf5f4f2289f7ecd67d1245658e0
- SHA512
  
  194d82615358dfc579e508768e2b2e3357069ea626cf90415f58459943a147e0c58d600091bf8840c1e06db9962ca01b3cd2cf9f1ee3d6685bd8d62a6219eab5
- SSDEEP
  
  1536:cHkGj8vp9NrhTu1iCrjNk9CRsphfkA0tNJxCK9dLbw3/4cLT4H/INmxklg:cHB8nrhTu1L8CRsp+RtIK4v3nUcM
Score

10^/10

execution asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Detects executables attemping to enumerate video devices using WMI
- Detects executables packed with ConfuserEx Mod
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

asyncratvenom clientsexecutionrat

© 2018-2024

Terms | Privacy