asyncrat | 7ed2dbc79e11bcea58da5489f14b40343d5d1962afc1dc97a17ee42bf93cd49c | Triage

Sharing

General

Target

test.bat
Size

1KB
Sample

241210-2xnvqstlex
MD5

b78408977228a09e62dca22d338feafb
SHA1

fac271d4467a36e7ca0b01a81e233e70e200c847
SHA256

7ed2dbc79e11bcea58da5489f14b40343d5d1962afc1dc97a17ee42bf93cd49c
SHA512

37a904d1fb2d03ec32582be38b3a242c63e3ce7f8d1a958327760ba1f8c5545801fb0645b97ff52ca141391bcb7f2ba743f7d11f616a4ba96d0abac6d949cf43

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

66.66.146.74:9511

Mutex

8906005788005HTGF

Attributes

delay
1
install
true
install_file
WINDOWS.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  test.bat
- Size
  
  1KB
- MD5
  
  b78408977228a09e62dca22d338feafb
- SHA1
  
  fac271d4467a36e7ca0b01a81e233e70e200c847
- SHA256
  
  7ed2dbc79e11bcea58da5489f14b40343d5d1962afc1dc97a17ee42bf93cd49c
- SHA512
  
  37a904d1fb2d03ec32582be38b3a242c63e3ce7f8d1a958327760ba1f8c5545801fb0645b97ff52ca141391bcb7f2ba743f7d11f616a4ba96d0abac6d949cf43
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat