asyncrat | 8fe639c3cbdcb49a5246f85ce136f14c8c0ad5150c6e38b5eb66eced9d4c4329 | Triage

Sharing

General

Target

Nova.rar
Size

2.1MB
Sample

241212-qwgt9awja1
MD5

50ee1cf21948c6015354e9c1a94ca5db
SHA1

f2f6fb19a2db75d2d5515fd3a20c66eb8f3e6d42
SHA256

8fe639c3cbdcb49a5246f85ce136f14c8c0ad5150c6e38b5eb66eced9d4c4329
SHA512

46c8a6e2818972ec363b5905838e05828a87b10c7991ae5124c485ccf625da0cff4985d675bbda08a9eccf1fc1027c5db0a22f8e99c732f7593f66c68f3654dc
SSDEEP

49152:OWYU2F4Tu9YiDuTnlvraYTi04JIBv1WteMcP+1HFFNFwAAnv4qy+d:ZYLCiDuDluYe0cUwp31bN1Aj

Score

10^/10

asyncrat default evasion execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:53757

Mutex

hsaurcrgqwhjimnkbht

Attributes

delay
1
install
true
install_file
Load.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Nova.rar
- Size
  
  2.1MB
- MD5
  
  50ee1cf21948c6015354e9c1a94ca5db
- SHA1
  
  f2f6fb19a2db75d2d5515fd3a20c66eb8f3e6d42
- SHA256
  
  8fe639c3cbdcb49a5246f85ce136f14c8c0ad5150c6e38b5eb66eced9d4c4329
- SHA512
  
  46c8a6e2818972ec363b5905838e05828a87b10c7991ae5124c485ccf625da0cff4985d675bbda08a9eccf1fc1027c5db0a22f8e99c732f7593f66c68f3654dc
- SSDEEP
  
  49152:OWYU2F4Tu9YiDuTnlvraYTi04JIBv1WteMcP+1HFFNFwAAnv4qy+d:ZYLCiDuDluYe0cUwp31bN1Aj
Score

10^/10

asyncrat default evasion execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

asyncratdefaultevasionexecutionrat