asyncrat | bb7ad16471d922ca93fb343372dba6034cfdd536831a395e4054c7d9d2ff6664 | Triage

Sharing

General

Target

lol.bat
Size

272B
Sample

241210-2rhfrstjew
MD5

bbcb8363229c568f8a50a6e06e90d27c
SHA1

bb2cedb7ab72648e4b63940a0f2de83d2d34c447
SHA256

bb7ad16471d922ca93fb343372dba6034cfdd536831a395e4054c7d9d2ff6664
SHA512

fe230e3253930c00ac07ec5ea2fe4e2756dcd725a17ccdb9d3c1fe502ffa6ddb65c955ac3818c2de5b2a62faaaa6ad6e34ac767475288ee39bb59018f8f2236c

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

66.66.146.74:9511

Mutex

8906005788005HTGF

Attributes

delay
1
install
true
install_file
WINDOWS.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  lol.bat
- Size
  
  272B
- MD5
  
  bbcb8363229c568f8a50a6e06e90d27c
- SHA1
  
  bb2cedb7ab72648e4b63940a0f2de83d2d34c447
- SHA256
  
  bb7ad16471d922ca93fb343372dba6034cfdd536831a395e4054c7d9d2ff6664
- SHA512
  
  fe230e3253930c00ac07ec5ea2fe4e2756dcd725a17ccdb9d3c1fe502ffa6ddb65c955ac3818c2de5b2a62faaaa6ad6e34ac767475288ee39bb59018f8f2236c
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat