asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

DustyV1.rar
Size

2.3MB
Sample

240721-mfdwwazgrq
MD5

9c905054f29abb222cf5654cab7c371d
SHA1

afb6898bbd47ae0c2c8cdd6d04d221553f8a1aa9
SHA256

3d0b19a62038f874efce6e1286a7d591c43935c14e9b9f4cd7a94901fc17cdcb
SHA512

88d7255a95283e56b2a341dcd46047fdc3cb575a5a70914afc13861e1fcc168f4e15371fa8a7f7d44d96b59fa43a3ea3152d211a03eb9f32e90028968109a010
SSDEEP

49152:va7yEDfJ5HHg5P+/iMDEAy2chfj9xa7yEDfJ5HqnyG:C9nHgl+zgAIfjW9nqn7

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:9090

127.0.0.1:27853

147.185.221.20:9090

147.185.221.20:27853

Mutex

otjnojdxtcgqahud

Attributes

delay
1
install
true
install_file
DustyV1.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Debug/CeleryIn.bin
- Size
  
  44KB
- MD5
  
  cc7e9dd40db5c538627c7645eb14d036
- SHA1
  
  4ccac29689ddd6b63892df0bbbf98aa1250419bf
- SHA256
  
  67c8386dc05355c49b8137990218be6177dba810fae418f0cce964c1d0082702
- SHA512
  
  3a91394dfa95ce012925639f12d05cbdd3c8f0b955601043952e3b6aa89cde816107a857d772bb5528422f41f2206b5a415de8fdfed2a178f2b13904a15dc5cf
- SSDEEP
  
  384:jVdzew6q0MEe7Tc8cZO1D9WDPAy7cRxoTYVJa5voVMmA2QdwB5bh1r:RYiXFcZkRcXbTYVJa8NA2jj
Score

1^/10
behavioral1 behavioral2
- Target
  
  Debug/CeleryInject.exe
- Size
  
  3.4MB
- MD5
  
  ff3728a63db84bd000176d56e5672d0f
- SHA1
  
  ddac6646d16d6efe73d9cf8b8c7a8cb3d8ab55ae
- SHA256
  
  375f3b4bdff6a9d9ac581456d0ed49b56e72443cc09bac1010596b74b8945d02
- SHA512
  
  8824507a41a59ec649d51f012c6ec777237edc42b764c47c9fdff6e7e3722adf0283ff118ad69018cd27911572feb1db280a5feecea2936780e6dddfa5df3eb3
- SSDEEP
  
  49152:B5EU2GVV1EcBHbhI9ZFlDGjiolwOp3fvGA:UsX1JUu
Score

1^/10
behavioral3 behavioral4
- Target
  
  Debug/DustyInject.exe
- Size
  
  3.4MB
- MD5
  
  ff3728a63db84bd000176d56e5672d0f
- SHA1
  
  ddac6646d16d6efe73d9cf8b8c7a8cb3d8ab55ae
- SHA256
  
  375f3b4bdff6a9d9ac581456d0ed49b56e72443cc09bac1010596b74b8945d02
- SHA512
  
  8824507a41a59ec649d51f012c6ec777237edc42b764c47c9fdff6e7e3722adf0283ff118ad69018cd27911572feb1db280a5feecea2936780e6dddfa5df3eb3
- SSDEEP
  
  49152:B5EU2GVV1EcBHbhI9ZFlDGjiolwOp3fvGA:UsX1JUu
Score

1^/10
behavioral5 behavioral6
- Target
  
  Debug/DustyV1.exe
- Size
  
  135KB
- MD5
  
  687f2cf04c23fa5175997963209ad8b3
- SHA1
  
  0336509b84e0da5f128dc998f5ecb70292202659
- SHA256
  
  8a11dc2e740aa9e90b807ceb087ab2c11eaf320d77cc8553ff154deee8341427
- SHA512
  
  7eeb29f055a42da49e2fd60ccfa0ab7c8afee43872edbb746ca4cb05b7321f325ddb344c64dfc82a21f63b3cc91e4a416555c47e4295f70cb36fd0804e736cb6
- SSDEEP
  
  3072:vaVmYVShpgaEWXI8pfFGgvlka1BCVS2VAXdHLxl29X7N2:vLYYgXwI898a1sn2XdNUXB
Score

7^/10
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  Debug/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral10 behavioral9
- Target
  
  Debug/STAPI.dll
- Size
  
  25KB
- MD5
  
  9d531a513b01a87a1f9a807a651ec6c2
- SHA1
  
  167a8a5b8a4781ffce9501fbf940001f94139b07
- SHA256
  
  48cf62c11ab607f5eb413b683860b227a596e72f030dd671bccf3cab568c9803
- SHA512
  
  be81fe19d2acf7f8b34d1c230c8abd140ff3e4fa06c13555db38806d1760bd517c9ec80ba58cc5f053ad789868f5d07b9878d6f3188ba1bec154ee7266f88614
- SSDEEP
  
  384:PD39f1l7fgyJs/BmoIJgm3/BmoI0BG+9mEaoCOepbyPa69a+5TfCCJi1XowRV39g:PDtf1lsyJy+9Oo5epbIr9lk5RRL2
Score

1^/10
behavioral11 behavioral12
- Target
  
  Debug/Siticone.Desktop.UI.dll
- Size
  
  2.4MB
- MD5
  
  4c2646035d103a4175c805b0356ff85c
- SHA1
  
  3ea3810af76b1fb0e03181ef56435734ed773c9f
- SHA256
  
  4e15f9275d91d9c0a4a82bec6587e0de9ba9ad86e79b991d2d406233af07f681
- SHA512
  
  6fe6556af323301a52c414094841e58922892572a40b92418615af5257b7d049e363c4b1c8b3a0aa2971c3a2b598d4b4199e71c9698f5c4864fc7415928f5c9b
- SSDEEP
  
  24576:VDaMDvme1hA55HBbTJv2wbrlm12oQ4XpHynf6xJKeLVHGpgkaZKCjuBhkFd51xcV:VOg0Pm12VfIfLV1k8jd5o7JIPnk
Score

1^/10
behavioral13 behavioral14
- Target
  
  Debug/Updater.exe
- Size
  
  74KB
- MD5
  
  6a573caf7b6f745e3113b602cc67db13
- SHA1
  
  1068547d9db8ba426e6dc9f5f5c7989873eeb3d1
- SHA256
  
  3ffae8507d10a4e66855339335a797343dcc19c6a8f48314bc678d03f06bb115
- SHA512
  
  badd9cbe3819c87b6cd3da58265e98d4f1f270e80d44589c70f6c9c7542199286a9b4c2b60462e1cb48ae85a2d79d89199b01332f6c797bd1bf54f862da3e2ec
- SSDEEP
  
  1536:lUPkcx5v/5CxSPMV6e9VdQuDI6H1bf/s/NQzc2LVclN:lUMcx5vx2SPMV6e9VdQsH1bfAQPBY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Async RAT payload

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16