asyncrat

General

Target

xrp.exe
Size

136KB
Sample

241202-v4jq2atrht
MD5

0d08e05884330a38020985c58e14e3af
SHA1

40703991414f435a13d1da2879edeba05e2a6f4a
SHA256

afe70b3c28c52a2f90f0bfca93e335008cf06eb1c14d1b161ebf25754c6c81ac
SHA512

b7ac3707a6e7a6152c0694f1b5e44ac45522ebf94720664e91b4a66f4bcafa918d88f2ba3d233acfdd2466652dc6a3d85f980621a254165760705ea4b7d42c14
SSDEEP

1536:tGAUgKrkSIWXgB7DIHYSf6GpcEApEXJjh0Nq9tAIGpdnJWZjN52QR0+GoxhoMyn6:tGAUBgSdG7e305mxrSk

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

v1.2.0

Botnet

Default

C2

192.252.186.220:56003

192.252.186.220:3534

192.252.186.220:43985

Mutex

igsnloedblkziu

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  xrp.exe
- Size
  
  136KB
- MD5
  
  0d08e05884330a38020985c58e14e3af
- SHA1
  
  40703991414f435a13d1da2879edeba05e2a6f4a
- SHA256
  
  afe70b3c28c52a2f90f0bfca93e335008cf06eb1c14d1b161ebf25754c6c81ac
- SHA512
  
  b7ac3707a6e7a6152c0694f1b5e44ac45522ebf94720664e91b4a66f4bcafa918d88f2ba3d233acfdd2466652dc6a3d85f980621a254165760705ea4b7d42c14
- SSDEEP
  
  1536:tGAUgKrkSIWXgB7DIHYSf6GpcEApEXJjh0Nq9tAIGpdnJWZjN52QR0+GoxhoMyn6:tGAUBgSdG7e305mxrSk
Score

10^/10

asyncrat venomrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

VenomRAT

Venomrat family

Async RAT payload

Downloads MZ/PE file

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2