asyncrat | 931a185152c1d316cd2b65998aee88d4f64f4acbe59df3efabb0ff968fa6c993 | Triage

Sharing

General

Target

931a185152c1d316cd2b65998aee88d4f64f4acbe59df3efabb0ff968fa6c993.exe
Size

1.1MB
Sample

241020-c16ghswbmr
MD5

0e43108aac7bb6e9f68d769b746fea16
SHA1

751e7fe585e73d5ab80f5f629c94c170484c12f5
SHA256

931a185152c1d316cd2b65998aee88d4f64f4acbe59df3efabb0ff968fa6c993
SHA512

faca3f1d87a4bdbacc0396544818a27925800b95e298185eb8ae3580d79f02a7eee7f02564181f453bdb56197539a3659526e1f00881ac0779301d7dbdd60c27
SSDEEP

24576:D9e1IHkIpNfvY092Y1f9t2JZVJ+TJV8felYpYtx8zkUa:DUmHpBNv9UJZVJ+TJVuiMa

Score

10^/10

asyncrat newclient discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Receiving + Grabber v6.0.4

Botnet

NewClient

C2

157.20.182.183:4449

Mutex

fsqshvwapaxdhwtdp

Attributes

delay
1
install
false
install_file
Winup.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  931a185152c1d316cd2b65998aee88d4f64f4acbe59df3efabb0ff968fa6c993.exe
- Size
  
  1.1MB
- MD5
  
  0e43108aac7bb6e9f68d769b746fea16
- SHA1
  
  751e7fe585e73d5ab80f5f629c94c170484c12f5
- SHA256
  
  931a185152c1d316cd2b65998aee88d4f64f4acbe59df3efabb0ff968fa6c993
- SHA512
  
  faca3f1d87a4bdbacc0396544818a27925800b95e298185eb8ae3580d79f02a7eee7f02564181f453bdb56197539a3659526e1f00881ac0779301d7dbdd60c27
- SSDEEP
  
  24576:D9e1IHkIpNfvY092Y1f9t2JZVJ+TJV8felYpYtx8zkUa:DUmHpBNv9UJZVJ+TJVuiMa
Score

10^/10

asyncrat newclient discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratnewclientdiscoveryrat

behavioral2

asyncratnewclientdiscoveryrat