asyncrat | a7edb74c3ef9b545c28e4a291faab44d93338dcb78dcf1baab9569d286ef5405 | Triage

Sharing

General

Target

Client.exe
Size

74KB
Sample

241205-wahgjsvlc1
MD5

8d7fa55e8b19df35bec05d0f763aaebd
SHA1

7e611aac188610b808cc9d0ff8eb91f33b5a6fc1
SHA256

a7edb74c3ef9b545c28e4a291faab44d93338dcb78dcf1baab9569d286ef5405
SHA512

ec484ceee2ab704d1f5716a8f8d8b713791c750ecfb87ced75e401ffce32fc4d17c6ba7ea21dbd8feff852f681f1e69a3e3e7852ed170797f9952dd5d8a2ef0c
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/nSMfb/xQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bf6YxQYBY

Score

10^/10

asyncrat default discovery evasion persistence privilege_escalation rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

147.185.221.24:17909

Mutex

xftanyrkdmfog

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  74KB
- MD5
  
  8d7fa55e8b19df35bec05d0f763aaebd
- SHA1
  
  7e611aac188610b808cc9d0ff8eb91f33b5a6fc1
- SHA256
  
  a7edb74c3ef9b545c28e4a291faab44d93338dcb78dcf1baab9569d286ef5405
- SHA512
  
  ec484ceee2ab704d1f5716a8f8d8b713791c750ecfb87ced75e401ffce32fc4d17c6ba7ea21dbd8feff852f681f1e69a3e3e7852ed170797f9952dd5d8a2ef0c
- SSDEEP
  
  1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/nSMfb/xQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bf6YxQYBY
Score

10^/10

asyncrat default discovery evasion persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Network Service Discovery

Permission Groups Discovery

Local Groups

Process Discovery

Query Registry

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryevasionpersistenceprivilege_escalationrat