asyncrat

Resubmissions

27-09-2024 20:25

240927-y7q63azgkh 10

27-09-2024 20:17

240927-y2m78axelm 10

Sharing

Copy URL

Twitter E-mail

General

Target

Randome.zip
Size

104.5MB
Sample

240927-y2m78axelm
MD5

9560ed37c84c3275864678494f17ca8e
SHA1

be13b5d932bcf07c2b40837d1601505b004520a1
SHA256

b4acfbc4174469c9aff54043442223afe559dab84954e4b51b64756fe2b045ac
SHA512

129a24922493bb080678e1397f81633299c4945e8fb04c9200e069e20b0faf5fb577d1d77785cdb043f4e3ad1bebff2dca381dfea334f04b4ca882b50294cdae
SSDEEP

1572864:AfEq6EoSgn9IUMwnuQexJEuTQ4Hj+XmJfBL9FZx13wDiYu4eH0IuvHcYrvzk/cfw:AMjIUMgAJrc4HtR1ciLefjob

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

93.82.44.26:4040

Mutex

nheplizwdi

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Randome.zip
- Size
  
  104.5MB
- MD5
  
  9560ed37c84c3275864678494f17ca8e
- SHA1
  
  be13b5d932bcf07c2b40837d1601505b004520a1
- SHA256
  
  b4acfbc4174469c9aff54043442223afe559dab84954e4b51b64756fe2b045ac
- SHA512
  
  129a24922493bb080678e1397f81633299c4945e8fb04c9200e069e20b0faf5fb577d1d77785cdb043f4e3ad1bebff2dca381dfea334f04b4ca882b50294cdae
- SSDEEP
  
  1572864:AfEq6EoSgn9IUMwnuQexJEuTQ4Hj+XmJfBL9FZx13wDiYu4eH0IuvHcYrvzk/cfw:AMjIUMgAJrc4HtR1ciLefjob
Score

1^/10
behavioral1
- Target
  
  GMAIL/Gmail.exe
- Size
  
  31KB
- MD5
  
  10de14e959542b63e94f5a37f6326777
- SHA1
  
  9815b38b9e848493c840b4a86526551898ec5ab8
- SHA256
  
  34222959f485e42bc4759e27db7cfb3403da888b451e4cad755da65a87a4de97
- SHA512
  
  4063e60de584e7996d31acb6ff5e45c44f9b5bcdae9aa160185e92e794394b3791d5270dda56c76afba2a1eea00fb6bcaee7c94b49b57e05d87a9268e8e428a2
- SSDEEP
  
  768:upwE8K8WcS8GMpUll3BuWKjxctA+FZJrMA/n70dVo+tKF:u3l3BMFczFvMA/nY/o+tKF
Score

3^/10

discovery
behavioral2
- Target
  
  Instagram VM.exe
- Size
  
  693KB
- MD5
  
  761810f1dd2bdccd7813fc9b04c51051
- SHA1
  
  00c986e516dc1806fa68db05f6a7d45033f377a5
- SHA256
  
  66d3941c4bfc73f9267a1c3d5af24bb882e36c458c53f0027aa2bf68e86653c9
- SHA512
  
  d86b92e4c8bed114dbb09e1893793ccb46c5e9d4a83c19bc0291f2f8061475ef021993aa7d4ab68f6cd39dea1b21bf7248f46ff3d734d412f41aadadf59e6cc2
- SSDEEP
  
  12288:OgAL5nw+Qtsu6QICtDUlWd3jJ/9YyUQg91YRMDJ:Ol5nWrIElx2y81h
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3
- Target
  
  LazyAIO/LazyAIO.exe
- Size
  
  14.0MB
- MD5
  
  912c7062ea2bcd72cfca56bda87bec61
- SHA1
  
  c7422d0ba5e3e191815bc23232591441b15dc6e8
- SHA256
  
  3cf5521e8fca62a2b14808f240766cf4ddcda830786457d24f1641e7c6ce9344
- SHA512
  
  9073e89b6711b06a7f98ab8bab5497921a8d04cdf5d3a3d176cbdd33c3e5e5069d3b071e669a23043d0954ff59592dff9781ce3f5cf58cb92e031d6a6f83fd95
- SSDEEP
  
  49152:j/T9XzcMurcgwdDpDzIysQimHDFz+bDSPgm3QeFmWWE1CC3Yur2+5aPPtKm9taTc:X9mtwi+1oYQymWFCCSHo65fX
Score

7^/10

agilenet discovery
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral4
- Target
  
  Minecraft/Minecraft.exe
- Size
  
  275KB
- MD5
  
  9affb7fa676cf886e26db62cb2551049
- SHA1
  
  5a9c57cdde1e326176c1c704b0dd99a204206708
- SHA256
  
  3e9d47b28ef50dc9e05f3960b08ab706eac8e335378f56c8cb10f8e50b5ea496
- SHA512
  
  bb5cc56f1f0ad058dfa47505c355536803a2124fc2905def17155c9e67bd66132413f142df8ef4119a08a5cb63f988e4e3f0f05a6336e139f994d6e46190f59b
- SSDEEP
  
  6144:O5/1evXsbwi+ifQFKgkFNWhWleeKkfv1FX9:OB1evYGiAtIWhWlGkfTX
Score

3^/10

discovery
behavioral5
- Target
  
  Numify v3-Cracked by SpArtOr.exe
- Size
  
  1.1MB
- MD5
  
  4cbd6216fe63dfd7101f01447a0c7f32
- SHA1
  
  24cbbfd0b08f6c614bbabca99f90ba2d9cbe12b7
- SHA256
  
  111f8d1766e981e59d9f34d6cde7e874ebc6bb59a787ff549602a10b65de5313
- SHA512
  
  0b30b2c3a8e914f869336a36b6682caaa3c28a37a38a8736350bdd209db1d4e5a7aadd33fc6e8a80dcfe9c47715c8da3b19057b5ce698b632a1f51d9803effa6
- SSDEEP
  
  12288:MMCTWwx/bV8vrzRVRR+4jVPv8SO13uo9RyAA2omkn:eZ8vrzRVRRFjJv8SO1KAA2om
Score

3^/10

discovery
behavioral6
- Target
  
  VenomRAT v6.0.3_p_/Keylogger.exe
- Size
  
  10KB
- MD5
  
  b8607b7921cd9cba78058fcb56bcfb9d
- SHA1
  
  1344f12ff7e23122b62fcc7f3be548c73d3c3efd
- SHA256
  
  b2a992052d32a5b9d3702350b133289b45a8d209acd0161d9c3b0bc6fd702b3c
- SHA512
  
  dd36040e57f2744437684e257caac0987a90deac0a60536f1cb8d690e256505d427931a3beb8d58f87c2c1bf5beb0a40c4b09417c451a07e5856044efbac1449
- SSDEEP
  
  96:c+B5YocCSrXU1k1YhsadP1LH9xvXh3D6IQE6yonbMpGtzIon7CKe8m7zeQzNt:ZB5YgOd1Yh9dtnXh3D6/QAzn7f5m7Cy
Score

1^/10
behavioral7
- Target
  
  VenomRAT v6.0.3_p_/Plugins/hvnc.exe
- Size
  
  36KB
- MD5
  
  fc73d7d3f06595cee03b6d5c8d7f1288
- SHA1
  
  295e40e9b723ca96bbfcd7e2e9f4c57f9cfe31fb
- SHA256
  
  995eda42ca6298269c8ce9e6c6fe857704ceec211911bae8379f8e905eae6d32
- SHA512
  
  ad99172ca8c444b8c8473522d8c40229426b5cf9c7db49cd42d92804bc3d197ca9ca947fe8d77ec9abbd24cc386c7fa40128dd3b724d26a235d879fdf9c60fc0
- SSDEEP
  
  768:fB92a2NJWV2D2i/BLJUxGAPqpWupz/CTRtYnhbnpwgCWPL2Pi:7fPqAupz/SehbigCWjl
Score

1^/10
behavioral8
- Target
  
  VenomRAT v6.0.3_p_/Stub/ClientAny.exe
- Size
  
  71KB
- MD5
  
  958cfc3e7730a66a05d6b8a49ce13d63
- SHA1
  
  ebc55f86cccfead463fcc1e6a060a5012fb09907
- SHA256
  
  eedce349ce30bae2c269040ac02e0c1d2a979cd2743dc89dc8138e61b30f1798
- SHA512
  
  cd6c4f6229a5d97a9b335cbbaf16e4ceab2efde6dd6e17ea0e8645d12739bd2a7ab8e6a77887dd92894af17305df6aafd051c0bfdd8fe7965225f0d538d9fbc5
- SSDEEP
  
  768:+MFJ2BAxBMXR5OavIpl2d90CfOmPiEq586H+XVhMZEILH5DMnuqUch04U0VTLgSv:HJmm+g58TXsDpUuqbdLuGjhDeVclN
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
behavioral9
- Target
  
  VenomRAT v6.0.3_p_/Venom RAT_p_.exe
- Size
  
  14.2MB
- MD5
  
  fb902fb0843e4f12d068b3bcd08b2e77
- SHA1
  
  96038a62a3ea6da4f11981f80ce4961ff50fbe4d
- SHA256
  
  2743f6791b5a525252a3e138d05ecda170d0fa758e1616cf96335648c572f068
- SHA512
  
  2c188572aadc906c6971ec13f0ae7b9f79c6a88a2fd34add00ee1b2d74f14cf895a86d2ba47036a1b1e7c8e00cd5adb0387baaea7fd5e5f93feaed98bb1dc6f6
- SSDEEP
  
  196608:Wja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS1w:TT+P+Zw6NLIsFfskh1BmXG0w
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
behavioral10
- Target
  
  VenomRAT v6.0.3_p_/Venom v6.0.3.exe
- Size
  
  14.3MB
- MD5
  
  f847c6b988dcc932d1a31171160cf69e
- SHA1
  
  1b40d91ad3ef9b5e4174aec276f906fe9adda9ed
- SHA256
  
  d75d343cc6593b2cbcd2b64963d8ba7764b9517a12298baea07c0efc6252b0a8
- SHA512
  
  25dc413fa52556e7792eeea575a0654927204fb1d53b5110baee1da7f1ca67fa0c466970021ab4d173f231c41e8c321a991dd4124a0a1d6f9f8db990826087a9
- SSDEEP
  
  393216:RR4JtH5KnO38c9+kq/s03jHHTbO+hYxyPzF:4bH5Yc8c9g/j3jtlB
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Obfuscated with Agile.Net obfuscator

AsyncRat

AsyncRat

Async RAT payload

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11