asyncrat | b89c8fb7d60e1ad1593a0f8f71f0ff8627f4cd7cdca0ad816cf88f17e36fa159 | Triage

Sharing

General

Target

listenlittlenigger.exe
Size

6.7MB
Sample

241129-zqk46azqaj
MD5

42bd70076cbd6bf784ab995852146824
SHA1

e0f1e831775736e856f5325f546c3638f6112775
SHA256

b89c8fb7d60e1ad1593a0f8f71f0ff8627f4cd7cdca0ad816cf88f17e36fa159
SHA512

61b4a3e526e84280df3a26b2d8e7cef969dd45f32f6e857f62e9e2b01b355d22da9430807ab1515b2a4be6c7ef2d4b5520d2c3cc8a5c0152595b9a91c3c38f54
SSDEEP

196608:QsjpAN/kWDGXtGzICteEroxzlxZV3Gu5D4S26/CS3HxTM9:Jj6buGzInErot14S26nxY9

Score

10^/10

asyncrat venomrat default persistence pyinstaller rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:11162

Mutex

kqfpdrtqyhcytvu

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  listenlittlenigger.exe
- Size
  
  6.7MB
- MD5
  
  42bd70076cbd6bf784ab995852146824
- SHA1
  
  e0f1e831775736e856f5325f546c3638f6112775
- SHA256
  
  b89c8fb7d60e1ad1593a0f8f71f0ff8627f4cd7cdca0ad816cf88f17e36fa159
- SHA512
  
  61b4a3e526e84280df3a26b2d8e7cef969dd45f32f6e857f62e9e2b01b355d22da9430807ab1515b2a4be6c7ef2d4b5520d2c3cc8a5c0152595b9a91c3c38f54
- SSDEEP
  
  196608:QsjpAN/kWDGXtGzICteEroxzlxZV3Gu5D4S26/CS3HxTM9:Jj6buGzInErot14S26nxY9
Score

10^/10

asyncrat venomrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenomratdefaultpersistencerat