asyncrat | 08715f8a4d0627387a6eb1294d90a936551cada622a8377592adbac9eba76ec6 | Triage

Sharing

General

Target

test.bat
Size

356B
Sample

241210-2wt1cstlbz
MD5

0db6431e1e0b528c1003b75a3c10c0fb
SHA1

392315f341dffee2f2abaea389f171c55be0299e
SHA256

08715f8a4d0627387a6eb1294d90a936551cada622a8377592adbac9eba76ec6
SHA512

f5fd7505003070cbe2c37531137d9a800d5acbedf08bc638a9c54ed93bb41bb8f14a37f821e645bae2d39f9ad019033ba55ee3f69114a21fc132c19fa33f8a84

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

66.66.146.74:9511

Mutex

8906005788005HTGF

Attributes

delay
1
install
true
install_file
WINDOWS.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  test.bat
- Size
  
  356B
- MD5
  
  0db6431e1e0b528c1003b75a3c10c0fb
- SHA1
  
  392315f341dffee2f2abaea389f171c55be0299e
- SHA256
  
  08715f8a4d0627387a6eb1294d90a936551cada622a8377592adbac9eba76ec6
- SHA512
  
  f5fd7505003070cbe2c37531137d9a800d5acbedf08bc638a9c54ed93bb41bb8f14a37f821e645bae2d39f9ad019033ba55ee3f69114a21fc132c19fa33f8a84
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat