asyncrat | e4ff7372f55485d5d9dcf1849985eb7e79ccc1945b71c7293dc0b2b5a2034606 | Triage

Sharing

General

Target

e4ff7372f55485d5d9dcf1849985eb7e79ccc1945b71c7293dc0b2b5a2034606
Size

157KB
Sample

240807-bednyawdpm
MD5

50814f8fc570268a7ce22e6b903ef552
SHA1

1d0f7a10da8d3a34b6a9536b05a738bcefcc8316
SHA256

e4ff7372f55485d5d9dcf1849985eb7e79ccc1945b71c7293dc0b2b5a2034606
SHA512

aca2a18a94d9d9d8ec4d02266033473dff149b6331c8a4f1b282e6941c2a65669870ac3795c159172a6ad8b944622122fedfcd355b758a04d053223391819601
SSDEEP

3072:VVoNnTW/vQgEAmjc+O3lBsSTzsSTxYKJy1v:VmNT6vQgEAmg+QlqST4STxYKJcv

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

34.45.30.242:443

34.45.30.242:80

34.66.204.146:443

34.66.204.146:80

Mutex

uyvnhoyeedhzwfofge

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e4ff7372f55485d5d9dcf1849985eb7e79ccc1945b71c7293dc0b2b5a2034606
- Size
  
  157KB
- MD5
  
  50814f8fc570268a7ce22e6b903ef552
- SHA1
  
  1d0f7a10da8d3a34b6a9536b05a738bcefcc8316
- SHA256
  
  e4ff7372f55485d5d9dcf1849985eb7e79ccc1945b71c7293dc0b2b5a2034606
- SHA512
  
  aca2a18a94d9d9d8ec4d02266033473dff149b6331c8a4f1b282e6941c2a65669870ac3795c159172a6ad8b944622122fedfcd355b758a04d053223391819601
- SSDEEP
  
  3072:VVoNnTW/vQgEAmjc+O3lBsSTzsSTxYKJy1v:VmNT6vQgEAmg+QlqST4STxYKJcv
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat