asyncrat

General

Target

Client.exe
Size

75KB
Sample

241011-zysh7stflh
MD5

0cc47ff18d0e3298f9beab60d3aa579e
SHA1

67c3020a046707cbde4dea02352272d6e6b77189
SHA256

87dc5fec26bd15e8a2d4d47a3d29b8fe43be265666770bdecfb496c77c0e3212
SHA512

e0f0627aa715665a27e3b505af264c3c2500b9414764d028fa0ecba0dc979a187f75baf4f97b4793b31325dda65310d8a3e3eccfe676b1f7b13e47334b5fe5b3
SSDEEP

1536:fukU0OSeCX/PMRkYKt2OlY6H1bf/i7AkzkiLVclN:fXUHjAPMRkYv4jH1bfVk7BY

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

51.254.53.24:4449

86.68.222.14:4449

Mutex

ygfmgwcmzefwhl

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://xcu.exgaming.click

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://xcu5.exgaming.click

Targets

- Target
  
  Client.exe
- Size
  
  75KB
- MD5
  
  0cc47ff18d0e3298f9beab60d3aa579e
- SHA1
  
  67c3020a046707cbde4dea02352272d6e6b77189
- SHA256
  
  87dc5fec26bd15e8a2d4d47a3d29b8fe43be265666770bdecfb496c77c0e3212
- SHA512
  
  e0f0627aa715665a27e3b505af264c3c2500b9414764d028fa0ecba0dc979a187f75baf4f97b4793b31325dda65310d8a3e3eccfe676b1f7b13e47334b5fe5b3
- SSDEEP
  
  1536:fukU0OSeCX/PMRkYKt2OlY6H1bf/i7AkzkiLVclN:fXUHjAPMRkYv4jH1bfVk7BY
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2

T1059

PowerShell

2

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

VenomRAT

Checks computer location settings

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2