General

Target: otpbotlocal.exe
Size: 10.7MB
Sample: 240919-yyszasyakc
MD5: 9720bee076c6b3be6c9081d0af8178e4
SHA1: 739a71e1ca502a8ede612324820a8152a5b88763
SHA256: c2dfa035423fbd68e4630a2d1596fbbb3002457521c893e577d3cf82f0590bfe
SHA512: a11c5d41ef3bc4dadee36e6ad0df1dbd7aa160b05b3c1fec9657c9acdd67bb90c27e9ddffe81b8def26bf339df23becfd97bc55fe6a38ad4e8d500fd8238e737
SSDEEP: 196608:RqQQY3a91b1bOJ+ckTPpGAjMGhuPD5U4iDfyGw21X5Sp6GemDMPwuWPTw9ruTGgF:8Y3a1JPP8AxYDMDfDTpfaMPgcuvjQ
Behavioral task: behavioral1
Sample: otpbotlocal.exe
Resource: win10v2004-20240802-en

Malware Config

Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
10.0.2.15:9090
10.0.2.15:52033
147.185.221.19:9090
147.185.221.19:52033
wbrjnemduvixdculy
delay: 1
install: true
install_file: steam.exe
install_folder: %AppData%
Targets
Score: 10/10

- Async RAT payload
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job: Scheduled Task (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job: Scheduled Task (1)