asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

VenomRAT v6.0.3 (+SOURCE).7z
Size

73.7MB
Sample

241122-tpr87atpgv
MD5

29c6c293c6723135cbe7b5d0fc3a3d20
SHA1

17219c8998c1afa1bd7061276958e9ed54cbb393
SHA256

46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9
SHA512

d6833432820b6eb2828ffd88a3028f3b3b014176db76330ce5c3af5eeb80aac1d9816d81dfdaa11a972e59ed144551d60c1cf4b0568e5cc7dedcb6df033c12e1
SSDEEP

1572864:4VI5gzIBQ4OZRbwhtq81vZ8KCNsuYk+8327i8Nd5Sr5:KIeIa4Atotq87BCyuz+BOKe5

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

95.216.52.21:7575

Mutex

xdnqiaxygefjfoolgo

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

hfvvhdasugp

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Client.exe
- Size
  
  66KB
- MD5
  
  3935ef8202cd8040741138a14b0655f0
- SHA1
  
  54cf02cf472111b57ac5329a408b2f858e2f3b86
- SHA256
  
  3a7efdc3d85adf7a5484ef17549db47be2a78b4b6892d93dd91958bb9a9edb82
- SHA512
  
  cbc24bde07ec9d1372869ce697ba3fcc76a7be2b75122af1f283160551dfc2dd18f77bc24ed0fff37b49dc7c8b0ffd41001f238595bec0c4761a5f4a79ec5ff1
- SSDEEP
  
  1536:0vWMO7xoQlzh4fZF9O8QQHFkYlTwVsbbXA/a2s9TDZVclN:HoR9O8QQHFk1sbbXh2sNzY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral1 behavioral2
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.WinRTPresenter.Launcher.exe
- Size
  
  13KB
- MD5
  
  de4449ac523ac31f66efe7f090360f71
- SHA1
  
  de7fcb8c16c7cab8255b8e31781efb0ffc45acce
- SHA256
  
  76a868948e5b4df73f5dab5606135f6bf10b598bdaa991737224edcb8fdd58db
- SHA512
  
  d43021c5878f08c38264e1882313959aa51b8dabf6649a64f476f3e7c0ba7fdaaac0f3edaa6fb3ea2e56889a5e78791236c1dfe8dbcd9218d7eab30a9ee4a56c
- SSDEEP
  
  192:CWOsh9lqaOG7Uuri11x9OFzACQS5y2VL:rOsZTVrYTORDQ7y
Score

1^/10
behavioral3 behavioral4
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Keylogger.exe
- Size
  
  10KB
- MD5
  
  b8607b7921cd9cba78058fcb56bcfb9d
- SHA1
  
  1344f12ff7e23122b62fcc7f3be548c73d3c3efd
- SHA256
  
  b2a992052d32a5b9d3702350b133289b45a8d209acd0161d9c3b0bc6fd702b3c
- SHA512
  
  dd36040e57f2744437684e257caac0987a90deac0a60536f1cb8d690e256505d427931a3beb8d58f87c2c1bf5beb0a40c4b09417c451a07e5856044efbac1449
- SSDEEP
  
  96:c+B5YocCSrXU1k1YhsadP1LH9xvXh3D6IQE6yonbMpGtzIon7CKe8m7zeQzNt:ZB5YgOd1Yh9dtnXh3D6/QAzn7f5m7Cy
Score

1^/10
behavioral5 behavioral6
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Plugins/Keylogger.exe
- Size
  
  13KB
- MD5
  
  b891f6eac297cc501c01687a041e2ca5
- SHA1
  
  2dd0748b0952dc7d73943f0b24f5036a2773bf24
- SHA256
  
  b0df63466dd20c4f860263eafba2feb255bf31ea43264a142f8e9010b27d016c
- SHA512
  
  d525c84a2ab967d65c5538aa46c0a126221582c820bde9c101105f27ea8d0c819161a1764872bb6e469c07bc2f53003e7a453e518ffa59aaa919370687bd90a6
- SSDEEP
  
  384:A4MtOoYttncuYsLhH3dF5L18GEP8Tx/NoE:qEbtQO5LS/P8Tx/n
Score

1^/10
behavioral7 behavioral8
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Plugins/hvnc.exe
- Size
  
  36KB
- MD5
  
  fc73d7d3f06595cee03b6d5c8d7f1288
- SHA1
  
  295e40e9b723ca96bbfcd7e2e9f4c57f9cfe31fb
- SHA256
  
  995eda42ca6298269c8ce9e6c6fe857704ceec211911bae8379f8e905eae6d32
- SHA512
  
  ad99172ca8c444b8c8473522d8c40229426b5cf9c7db49cd42d92804bc3d197ca9ca947fe8d77ec9abbd24cc386c7fa40128dd3b724d26a235d879fdf9c60fc0
- SSDEEP
  
  768:fB92a2NJWV2D2i/BLJUxGAPqpWupz/CTRtYnhbnpwgCWPL2Pi:7fPqAupz/SehbigCWjl
Score

1^/10
behavioral10 behavioral9
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Stub/ClientAny.exe
- Size
  
  71KB
- MD5
  
  958cfc3e7730a66a05d6b8a49ce13d63
- SHA1
  
  ebc55f86cccfead463fcc1e6a060a5012fb09907
- SHA256
  
  eedce349ce30bae2c269040ac02e0c1d2a979cd2743dc89dc8138e61b30f1798
- SHA512
  
  cd6c4f6229a5d97a9b335cbbaf16e4ceab2efde6dd6e17ea0e8645d12739bd2a7ab8e6a77887dd92894af17305df6aafd051c0bfdd8fe7965225f0d538d9fbc5
- SSDEEP
  
  768:+MFJ2BAxBMXR5OavIpl2d90CfOmPiEq586H+XVhMZEILH5DMnuqUch04U0VTLgSv:HJmm+g58TXsDpUuqbdLuGjhDeVclN
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral11 behavioral12
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Stub/Clientx64.exe
- Size
  
  71KB
- MD5
  
  33aa30124ec0b36f1a9319cd62a11e84
- SHA1
  
  f8181335be708048b28cf1540054a5dd9d6acf8c
- SHA256
  
  c6a8838b3619db76fc89af6bbd9188f868557348b3d06e2815eae2882dae8ec3
- SHA512
  
  fceed2946791b47eb3e9f5b94fb11104abdc6bd8c2ae3c4c4694880af168608822a0b77ceecaeda125a04ffe2fcc081bf0e003c17ba3dc34a6ad261d45da7e65
- SSDEEP
  
  768:aEFJ2BAxBMXR5OavIpl2d90CfOmfiEq586H+XVhMxEILH5DMnuqLch04U0VTLgSS:LJmm+A58TXsLpUuqudLuGjhMCVclN
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral13 behavioral14
- Target
  
  VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Venom RAT + HVNC + Stealer + Grabber.exe
- Size
  
  14.2MB
- MD5
  
  3b3a304c6fc7a3a1d9390d7cbff56634
- SHA1
  
  e8bd5244e6362968f5017680da33f1e90ae63dd7
- SHA256
  
  7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
- SHA512
  
  7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
- SSDEEP
  
  196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04
Score

10^/10

asyncrat default discovery rat evasion execution trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Asyncrat family

AsyncRat

Asyncrat family

AsyncRat

Asyncrat family

AsyncRat

Asyncrat family

Modifies Windows Defender Real-time Protection settings

Suspicious use of NtCreateUserProcessOtherParentProcess

Async RAT payload

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16