asyncrat | b2268bc734c9d33e218e4edc798d3c04ce44039abe3f158d662a8907ca581987 | Triage

Sharing

General

Target

b2268bc734c9d33e218e4edc798d3c04ce44039abe3f158d662a8907ca581987N.exe
Size

173KB
Sample

241117-ml72xaxles
MD5

47145d48bc26baf524555bf5574fb7a0
SHA1

4bb8b205308527a698fa9122d5fb62852ad58e40
SHA256

b2268bc734c9d33e218e4edc798d3c04ce44039abe3f158d662a8907ca581987
SHA512

d3016c246f901154cc9ea5c08b2dc74755b6e807396e0a8b0444780fc5b8d1aff58cf2b3bf2ffd6dd53f45cede6c618259225fe7b3ba970333f89e23120eda87
SSDEEP

3072:mTblwufSK/kgvh66vLQqGclZdqBWHBkFRwqNwId6Hrwb1NTv:mmaMMQUdqBWhkMqNUrwb

Score

10^/10

asyncrat venom clients rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

87.120.127.32:1339

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
vchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b2268bc734c9d33e218e4edc798d3c04ce44039abe3f158d662a8907ca581987N.exe
- Size
  
  173KB
- MD5
  
  47145d48bc26baf524555bf5574fb7a0
- SHA1
  
  4bb8b205308527a698fa9122d5fb62852ad58e40
- SHA256
  
  b2268bc734c9d33e218e4edc798d3c04ce44039abe3f158d662a8907ca581987
- SHA512
  
  d3016c246f901154cc9ea5c08b2dc74755b6e807396e0a8b0444780fc5b8d1aff58cf2b3bf2ffd6dd53f45cede6c618259225fe7b3ba970333f89e23120eda87
- SSDEEP
  
  3072:mTblwufSK/kgvh66vLQqGclZdqBWHBkFRwqNwId6Hrwb1NTv:mmaMMQUdqBWhkMqNUrwb
Score

10^/10

asyncrat venom clients rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenom clientsrat

behavioral2

asyncratvenom clientsrat