asyncrat | 051bcd80b859378e9ff45546ecc3766499f44190fe25716b7419769b38308320 | Triage

Sharing

General

Target

Needed Aircraft PN#_Desc_&_Qty Details.vbs
Size

91KB
Sample

241212-rs1nmaxjdz
MD5

7f67c01cf304afa0adf4c3095477ab07
SHA1

9c5e5e550e15b4e0e949591488ba72154e13378f
SHA256

051bcd80b859378e9ff45546ecc3766499f44190fe25716b7419769b38308320
SHA512

cbcf82588439f81719c5931b08176de77e3c7d08e22c084836ee3224dbbc6a96ebb4873cb2ac1d6d0225b6f7a8f8cef873fab3b54115e4cd8eb0ec1b623a7737
SSDEEP

1536:M8we4uQyXKFD5cFkWLcaxdYOyhGhRW9w+vcdlziIqzRNBHarEZ+2K:M8z4DOOW4eOFGhRW9wCIzi/8rE42K

Score

10^/10

asyncrat core i9 omen execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

core i9 OMEN

C2

45.88.88.7:4164

Mutex

nxafgjygny

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Needed Aircraft PN#_Desc_&_Qty Details.vbs
- Size
  
  91KB
- MD5
  
  7f67c01cf304afa0adf4c3095477ab07
- SHA1
  
  9c5e5e550e15b4e0e949591488ba72154e13378f
- SHA256
  
  051bcd80b859378e9ff45546ecc3766499f44190fe25716b7419769b38308320
- SHA512
  
  cbcf82588439f81719c5931b08176de77e3c7d08e22c084836ee3224dbbc6a96ebb4873cb2ac1d6d0225b6f7a8f8cef873fab3b54115e4cd8eb0ec1b623a7737
- SSDEEP
  
  1536:M8we4uQyXKFD5cFkWLcaxdYOyhGhRW9w+vcdlziIqzRNBHarEZ+2K:M8z4DOOW4eOFGhRW9wCIzi/8rE42K
Score

10^/10

execution asyncrat core i9 omen rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratcore i9 omenexecutionrat