asyncrat | 233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f | Triage

Submit
Reports

Overview

overview

Static

static

233fee4945...8f.exe

windows7-x64

233fee4945...8f.exe

windows10-2004-x64

Sharing

General

Target

233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f
Size

821KB
Sample

240818-w7t7ls1clr
MD5

40173279dca40dc2eb04e130d7142ce2
SHA1

a9d3cf03484120a0471d14ba59f82b38d26d84b0
SHA256

233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f
SHA512

db2aa317e12095ab880ffa4bdd00839b5fd6ff86c3f9a1d69a5459a626a72949b138b757fc01673a46f298073c5e489ec7929b4cc440d4f9c0ef65abfbea9d5d
SSDEEP

12288:dMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9JhBBxdsP2g:dnsJ39LyjbJkQFMhmC+6GD9X5dsu

Score

10^/10

asyncrat venomrat default discovery macro persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f.exe

Resource

win7-20240708-en

asyncrat default discovery macro persistence rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f.exe

Resource

win10v2004-20240802-en

asyncrat default discovery persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

lol.exe

Attributes

delay
1
install
true
install_file
lol.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f
- Size
  
  821KB
- MD5
  
  40173279dca40dc2eb04e130d7142ce2
- SHA1
  
  a9d3cf03484120a0471d14ba59f82b38d26d84b0
- SHA256
  
  233fee4945229292aef7f2a515ddad8a0a6b1ccbdc40bb2ae9f343c2d96ddc8f
- SHA512
  
  db2aa317e12095ab880ffa4bdd00839b5fd6ff86c3f9a1d69a5459a626a72949b138b757fc01673a46f298073c5e489ec7929b4cc440d4f9c0ef65abfbea9d5d
- SSDEEP
  
  12288:dMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9JhBBxdsP2g:dnsJ39LyjbJkQFMhmC+6GD9X5dsu
Score

10^/10

asyncrat default discovery macro persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Async RAT payload
  rat
- Suspicious Office macro
  Office document equipped with macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoverymacropersistencerat

behavioral2

asyncratdefaultdiscoverypersistencerat

© 2018-2024

Terms | Privacy