asyncrat | 78e20b9f9e36578c45d1c0e28e68299620ce085953ab3e468ab10f633e586cfc | Triage

Sharing

General

Target

78e20b9f9e36578c45d1c0e28e68299620ce085953ab3e468ab10f633e586cfc.ps1
Size

250KB
Sample

240713-mw6xlaxgkr
MD5

85a84eff8bf73e4661824726438e21ee
SHA1

a2b5401bbe15125c0d8d9419d87425366c991fa8
SHA256

78e20b9f9e36578c45d1c0e28e68299620ce085953ab3e468ab10f633e586cfc
SHA512

e93cb30222036ef2f47dc27cc3d4c6195e6c57d12728e4955707dba69d38b469a0e7242729cebe3d59afe312c3db5bdf20e623ea939ba7f8085d9435b14bcfb0
SSDEEP

6144:07TZQO29BnRDqjNITiIy0VN8Iq1e0gOYPWSOoHf9KU9Gw7:YCO4EOpQe0gO5M7

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

64.112.85.3:4449

Mutex

ufaaryvntrlyhwcwq

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  78e20b9f9e36578c45d1c0e28e68299620ce085953ab3e468ab10f633e586cfc.ps1
- Size
  
  250KB
- MD5
  
  85a84eff8bf73e4661824726438e21ee
- SHA1
  
  a2b5401bbe15125c0d8d9419d87425366c991fa8
- SHA256
  
  78e20b9f9e36578c45d1c0e28e68299620ce085953ab3e468ab10f633e586cfc
- SHA512
  
  e93cb30222036ef2f47dc27cc3d4c6195e6c57d12728e4955707dba69d38b469a0e7242729cebe3d59afe312c3db5bdf20e623ea939ba7f8085d9435b14bcfb0
- SSDEEP
  
  6144:07TZQO29BnRDqjNITiIy0VN8Iq1e0gOYPWSOoHf9KU9Gw7:YCO4EOpQe0gO5M7
Score

10^/10

execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat