asyncrat | 6b21c5b53198967f49dda5d8b79e06bfd1ac72ca4c362bbdbc7a58cf2a5de9af | Triage

Sharing

General

Target

Bot.rar
Size

16.3MB
Sample

240719-ww4lxaxdmh
MD5

4d4e496a1767ff35798fa6dcb62020c6
SHA1

c4a6abb07705d6fdecdcd126bc60b7dc6617f8f0
SHA256

6b21c5b53198967f49dda5d8b79e06bfd1ac72ca4c362bbdbc7a58cf2a5de9af
SHA512

5d1f66b5e1df4e019fa14564cf477e0cc105c2a9611b7807c7e2444782f6183ce97828f980b08856268634ed4f946af1b0d4f94d99780445864aeef7645fdab2
SSDEEP

393216:9m3jAlqrWUIyB1mdnKQO5dEhLN8DDifhAz90hXIPoO8I/n:qrdII1mhKfghLNfEOGPosf

Score

10^/10

asyncrat default execution persistence pyinstaller rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

10.0.2.15:9090

10.0.2.15:52033

147.185.221.19:9090

147.185.221.19:52033

Mutex

wbrjnemduvixdculy

Attributes

delay
1
install
true
install_file
steam.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  OTPBOT.exe
- Size
  
  16.7MB
- MD5
  
  d76d4061a38546dda1d9748588b75f18
- SHA1
  
  adbcd8ada656dddd3809bdd8061f59fbb53351bd
- SHA256
  
  7c833f195a6be1c64c85cca8f227f0226726609bc564f9577ef81924aa99c1b4
- SHA512
  
  f4cdfe95be590c55fd32fcaf711961ab67fcee8dcceeb44bf8cb4e6e2208b207073ba7a329a843ac1d63d5f5a2d8fae78dc2043afc4b2829757246c05eff7fb1
- SSDEEP
  
  393216:Ib7D+eNMC7Z61Kqm/1MpfnZ0ZjupISFOxcyUVBWABkgr0:U/mCNoZm9ML05ualxc0E
Score

10^/10

asyncrat default execution persistence rat pyinstaller
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionpersistencerat

behavioral2

asyncratdefaultexecutionpersistencepyinstallerrat