asyncrat | e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944 | Triage

Submit
Reports

Overview

overview

Static

static

3

e3f245020b...44.exe

windows7-x64

e3f245020b...44.exe

windows10-2004-x64

Resubmissions

Sharing

General

Target

e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944.exe
Size

231KB
Sample

240524-b8brfahb73
MD5

144f1b1c4b9cdad97d8dd1a3a89e7ea1
SHA1

1a11d76a6ab646a0d699efa0e5fc71de6e5af92c
SHA256

e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944
SHA512

2697bde82afdef6b3e9079e9add7a9026fffec2a9093932d6c05256fe73df0ef9a2fac4f26de28e2b5d87cc7dd0651dac80baa2a3841148409ab2c3ea32b6882
SSDEEP

6144:TZ+geAPqybJnO5AbpbO9jhJdrz8U6n4eOP07NyGyG2qYlw5S3U19:T4FvybJNpazzfoyG

Score

10^/10

asyncrat default persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944.exe

Resource

win7-20240221-en

asyncrat default persistence rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944.exe

Resource

win10v2004-20240426-en

asyncrat default persistence rat

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

66.235.168.242:4449

Mutex

scgofjarww

Attributes

delay
1
install
true
install_file
Loader.exe
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Botnet

Default

C2

66.235.168.242:3232

Attributes

delay
1
install
true
install_file
Loaader.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944.exe
- Size
  
  231KB
- MD5
  
  144f1b1c4b9cdad97d8dd1a3a89e7ea1
- SHA1
  
  1a11d76a6ab646a0d699efa0e5fc71de6e5af92c
- SHA256
  
  e3f245020bcf6beaca39b8cc9eb06b3db7f209356e765f41d8306ad56735e944
- SHA512
  
  2697bde82afdef6b3e9079e9add7a9026fffec2a9093932d6c05256fe73df0ef9a2fac4f26de28e2b5d87cc7dd0651dac80baa2a3841148409ab2c3ea32b6882
- SSDEEP
  
  6144:TZ+geAPqybJnO5AbpbO9jhJdrz8U6n4eOP07NyGyG2qYlw5S3U19:T4FvybJNpazzfoyG
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Detects executables attemping to enumerate video devices using WMI
- Detects executables containing the string DcRatBy
- Detects executables packed with ConfuserEx Mod
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2

asyncratdefaultpersistencerat

© 2018-2024

Terms | Privacy