asyncrat | 7a31e73a61251309c51a343c14af5149915110c0f818747f7de78344739f21c5 | Triage

Sharing

General

Target

file.exe
Size

654KB
Sample

241210-y54z5ssmfp
MD5

ae806b6f5e02484c2be2b49da35b3d26
SHA1

66ae8df94cd9e804fab01bc6be77cfec8d544226
SHA256

7a31e73a61251309c51a343c14af5149915110c0f818747f7de78344739f21c5
SHA512

8ea9cfe94bc4dbfc0a6c43b811461e6da4cab55fe6a3ddd1a4795f0887b2a311a6e9d9a464bb9253985c5a68cc206c36a703319463e5daca92adbe056e16a968
SSDEEP

12288:77MfJIBvlbmLC3sCPtRzSXiBdja/z2UmG5pc4M1xK/5BFz2430RUwy9EXX+CNkkR:SIme3LLAiBdMmGpNkspz2i0RUwFOCND

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

185.208.158.187:4449

Mutex

tnybaidkzovl

Attributes

delay
10
install
true
install_file
NotepadUpdate.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  file.exe
- Size
  
  654KB
- MD5
  
  ae806b6f5e02484c2be2b49da35b3d26
- SHA1
  
  66ae8df94cd9e804fab01bc6be77cfec8d544226
- SHA256
  
  7a31e73a61251309c51a343c14af5149915110c0f818747f7de78344739f21c5
- SHA512
  
  8ea9cfe94bc4dbfc0a6c43b811461e6da4cab55fe6a3ddd1a4795f0887b2a311a6e9d9a464bb9253985c5a68cc206c36a703319463e5daca92adbe056e16a968
- SSDEEP
  
  12288:77MfJIBvlbmLC3sCPtRzSXiBdja/z2UmG5pc4M1xK/5BFz2430RUwy9EXX+CNkkR:SIme3LLAiBdMmGpNkspz2i0RUwFOCND
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat