asyncrat | ceb87fb8fc18a0699bac5b532cfdad64cfdf755efccb03b2571679460b465724 | Triage

Resubmissions

20-08-2024 05:13

240820-fwfbbaydmr 10

17-08-2024 08:11

240817-j3kq6awaqh 10

Sharing

General

Target

BYTER.exe
Size

13.3MB
Sample

240817-j3kq6awaqh
MD5

9fd8d6a471d60fbf60d029504916ea50
SHA1

e1cb6de275494b2642a88a0b2136b1ec84551947
SHA256

ceb87fb8fc18a0699bac5b532cfdad64cfdf755efccb03b2571679460b465724
SHA512

c80968a9e7ecd6c31a4dcc5a27cd47260d0bc2601312b3b3a250487bea64e63595c062c9f48358fd477609a4bfcdd82bfca1da8689b3c247ce62d3fbfb409f7b
SSDEEP

393216:0tk1FrHQc/l+FvxWBqWwVrCCIIedFQMG9:0tkPHQG+FJAqWwVCCI/Du

Score

10^/10

asyncrat default defense_evasion discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

10.0.2.15:9090

10.0.2.15:52033

147.185.221.19:9090

147.185.221.19:52033

Mutex

yigdzohbebyxyvvzbc

Attributes

delay
1
install
true
install_file
Steam.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  BYTER.exe
- Size
  
  13.3MB
- MD5
  
  9fd8d6a471d60fbf60d029504916ea50
- SHA1
  
  e1cb6de275494b2642a88a0b2136b1ec84551947
- SHA256
  
  ceb87fb8fc18a0699bac5b532cfdad64cfdf755efccb03b2571679460b465724
- SHA512
  
  c80968a9e7ecd6c31a4dcc5a27cd47260d0bc2601312b3b3a250487bea64e63595c062c9f48358fd477609a4bfcdd82bfca1da8689b3c247ce62d3fbfb409f7b
- SSDEEP
  
  393216:0tk1FrHQc/l+FvxWBqWwVrCCIIedFQMG9:0tkPHQG+FJAqWwVCCI/Du
Score

10^/10

asyncrat default defense_evasion discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdefense_evasiondiscoveryrat

behavioral2

asyncratdefaultdefense_evasiondiscoveryrat