asyncrat | e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728 | Triage

Submit
Reports

Overview

overview

Static

static

1

e199e310df...28.cmd

windows7-x64

e199e310df...28.cmd

windows10-2004-x64

Sharing

General

Target

e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728.cmd
Size

6KB
Sample

240524-b73tjagh9z
MD5

1b315096e07f2cbe4bb1dae37bf115e5
SHA1

183d4109803b7de7f8c679e5cf12d215bd6b3871
SHA256

e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728
SHA512

b7d3fa6cbb79537c827bf80b29c0be4b11036922717d05ae79e301071651c7a1cbcf114fa1b9b0459e874c01de24bc78d67f171ecc9bba09f0ba039a7fea2683
SSDEEP

96:k+m8Z1rXchtQtvV3c7FK+37kcu/WlJVhe9glzjAqvko644Omqnds29D6tCmXPWC7:B6hQOKM7kc3De9glzjFkFXCj9DACy

Score

10^/10

asyncrat venom clients execution rat

Static task

static1

Behavioral task

behavioral1

Sample

e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728.cmd

Resource

win7-20240215-en

asyncrat venom clients execution rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728.cmd

Resource

win10v2004-20240508-en

asyncrat venom clients execution rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xvern429.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728.cmd
- Size
  
  6KB
- MD5
  
  1b315096e07f2cbe4bb1dae37bf115e5
- SHA1
  
  183d4109803b7de7f8c679e5cf12d215bd6b3871
- SHA256
  
  e199e310df7ed728f62ded7f850def8787e53b2e35a3534d20409976dfa87728
- SHA512
  
  b7d3fa6cbb79537c827bf80b29c0be4b11036922717d05ae79e301071651c7a1cbcf114fa1b9b0459e874c01de24bc78d67f171ecc9bba09f0ba039a7fea2683
- SSDEEP
  
  96:k+m8Z1rXchtQtvV3c7FK+37kcu/WlJVhe9glzjAqvko644Omqnds29D6tCmXPWC7:B6hQOKM7kc3De9glzjFkFXCj9DACy
Score

10^/10

asyncrat venom clients execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detects executables attemping to enumerate video devices using WMI
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratvenom clientsexecutionrat

behavioral2

asyncratvenom clientsexecutionrat

© 2018-2024

Terms | Privacy