asyncrat | c8c12055c4468764fdb8553eee67f51dea7be14e4517d5d43d5a7695dc6b0660 | Triage

Sharing

General

Target

c8c12055c4468764fdb8553eee67f51dea7be14e4517d5d43d5a7695dc6b0660
Size

74KB
Sample

240526-jlehtabe9s
MD5

9f7b2bf836c0e9682f7f612fc60d88f9
SHA1

2a99db9697d168488ef962ff51f0599e89bfeaeb
SHA256

c8c12055c4468764fdb8553eee67f51dea7be14e4517d5d43d5a7695dc6b0660
SHA512

59f899ed095371cf13e63ee9748bc8cdc86aa1b2ede5d068dc81f6b0134219fd8f31bfd3f664602cf8562ab4851acdf85f5a06de35ab6f949106139a1ff37556
SSDEEP

1536:i9ZAUZ2HXtkAmLej8CGqPM63JCdNhnY+YH1bo/yUaV4zQX3VclN:i9KUZ82AmLeYoPM63JCnYH1bo9Y4elY

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

94.156.65.172:4449

Mutex

izslwuidilziewad

Attributes

delay
1
install
true
install_file
AntiMalware.exe
install_folder
%AppData%

aes.plain

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://xcu.exgaming.click

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://xcu5.exgaming.click

Targets

- Target
  
  c8c12055c4468764fdb8553eee67f51dea7be14e4517d5d43d5a7695dc6b0660
- Size
  
  74KB
- MD5
  
  9f7b2bf836c0e9682f7f612fc60d88f9
- SHA1
  
  2a99db9697d168488ef962ff51f0599e89bfeaeb
- SHA256
  
  c8c12055c4468764fdb8553eee67f51dea7be14e4517d5d43d5a7695dc6b0660
- SHA512
  
  59f899ed095371cf13e63ee9748bc8cdc86aa1b2ede5d068dc81f6b0134219fd8f31bfd3f664602cf8562ab4851acdf85f5a06de35ab6f949106139a1ff37556
- SSDEEP
  
  1536:i9ZAUZ2HXtkAmLej8CGqPM63JCdNhnY+YH1bo/yUaV4zQX3VclN:i9KUZ82AmLeYoPM63JCnYH1bo9Y4elY
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

defaultasyncrat

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat