asyncrat | 255569d7156794ac033567269a847e93acdfc95126dbad54af5b8909bba4c553 | Triage

Sharing

General

Target

Client.exe
Size

74KB
Sample

240529-smwcdsab9x
MD5

c9e368cb65ed6c541e29b52aeb4c2af4
SHA1

b2fe42b7ee53d11cc6cac3e6a99a92f72ff9cc01
SHA256

255569d7156794ac033567269a847e93acdfc95126dbad54af5b8909bba4c553
SHA512

10ad380013e2efa9f85110e97ebb1187c22fadc2b43f6633af65aedb3b9ffc0355695a70858eef8a6d819423778552f17ebaeeb19ba3b521da2584a9f1e74b81
SSDEEP

1536:2UvNwcxKHXwzCtmPMV2e9VdQuDI6H1bf/OSQzcqLVclN:2UvicxK8WmPMV2e9VdQsH1bffQbBY

Score

10^/10

asyncrat default discovery evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

147.185.221.19:38173

Mutex

uuhaiushdishajkdhwuasudh

Attributes

delay
1
install
true
install_file
svhost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  74KB
- MD5
  
  c9e368cb65ed6c541e29b52aeb4c2af4
- SHA1
  
  b2fe42b7ee53d11cc6cac3e6a99a92f72ff9cc01
- SHA256
  
  255569d7156794ac033567269a847e93acdfc95126dbad54af5b8909bba4c553
- SHA512
  
  10ad380013e2efa9f85110e97ebb1187c22fadc2b43f6633af65aedb3b9ffc0355695a70858eef8a6d819423778552f17ebaeeb19ba3b521da2584a9f1e74b81
- SSDEEP
  
  1536:2UvNwcxKHXwzCtmPMV2e9VdQuDI6H1bf/OSQzcqLVclN:2UvicxK8WmPMV2e9VdQsH1bffQbBY
Score

10^/10

asyncrat default discovery evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- UAC bypass
  evasion trojan
- Async RAT payload
  rat
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryevasionrattrojan