asyncrat | 7f3067fd568421d59b16e35bdd9cbe94b3be7ce8b77e06b5ed4475fc70c683da | Triage

Sharing

General

Target

test.bat
Size

171KB
Sample

241210-2vakbsykeq
MD5

50143263c2d75d9d835e7ee09d4206bb
SHA1

5bc6c41e0f76004c48f1471d2d0dad7438cd72ab
SHA256

7f3067fd568421d59b16e35bdd9cbe94b3be7ce8b77e06b5ed4475fc70c683da
SHA512

1910b62136432ed8c26d050b4faf7d68d7b71fbc8bd190da9bb6cc9910ab0ff5a52882997832d50b7776e7cd017428fe86c1e0679b5c3100a686f5ba909d55b6
SSDEEP

192:CnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnF:q

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

66.66.146.74:9511

Mutex

8906005788005HTGF

Attributes

delay
1
install
true
install_file
WINDOWS.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  test.bat
- Size
  
  171KB
- MD5
  
  50143263c2d75d9d835e7ee09d4206bb
- SHA1
  
  5bc6c41e0f76004c48f1471d2d0dad7438cd72ab
- SHA256
  
  7f3067fd568421d59b16e35bdd9cbe94b3be7ce8b77e06b5ed4475fc70c683da
- SHA512
  
  1910b62136432ed8c26d050b4faf7d68d7b71fbc8bd190da9bb6cc9910ab0ff5a52882997832d50b7776e7cd017428fe86c1e0679b5c3100a686f5ba909d55b6
- SSDEEP
  
  192:CnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnF:q
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat