asyncrat | 0be528548950d759024be8b7722f7843b01cab1f562f2da60fa7115fb8e51ec8 | Triage

Sharing

General

Target

0be528548950d759024be8b7722f7843b01cab1f562f2da60fa7115fb8e51ec8
Size

797KB
Sample

240807-xdlttasbmq
MD5

ba4070bb61d40dc57e5bd4fb06a8f043
SHA1

2fecd1c3c57b1bb470dac336191aa2c7b01fe3a0
SHA256

0be528548950d759024be8b7722f7843b01cab1f562f2da60fa7115fb8e51ec8
SHA512

4c85229d31f64763d1f4b5caac441cd0f34d034bea5f0c1d7b2e6dfa2af568b19a9c11450da3b4245f1fe3429fed0510c8861ab3a6d66c12641b291542467bc9
SSDEEP

24576:ajDYjm109oFeU7VT1SDAQNl+2Ukei8kKkn:rjylLa7S438kKkn

Score

10^/10

asyncrat venom clients discovery rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

141.98.7.91:7771

Mutex

ASDF^G*&^G&#G

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  0be528548950d759024be8b7722f7843b01cab1f562f2da60fa7115fb8e51ec8
- Size
  
  797KB
- MD5
  
  ba4070bb61d40dc57e5bd4fb06a8f043
- SHA1
  
  2fecd1c3c57b1bb470dac336191aa2c7b01fe3a0
- SHA256
  
  0be528548950d759024be8b7722f7843b01cab1f562f2da60fa7115fb8e51ec8
- SHA512
  
  4c85229d31f64763d1f4b5caac441cd0f34d034bea5f0c1d7b2e6dfa2af568b19a9c11450da3b4245f1fe3429fed0510c8861ab3a6d66c12641b291542467bc9
- SSDEEP
  
  24576:ajDYjm109oFeU7VT1SDAQNl+2Ukei8kKkn:rjylLa7S438kKkn
Score

10^/10

asyncrat venom clients discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenom clientsdiscoveryrat

behavioral2

asyncratvenom clientsdiscoveryrat