asyncrat | 6415105cf9e677626d5d9d25520b1dd1279bb8bc2ee820787d0fcc76ecd3e663 | Triage

Sharing

General

Target

Passenger Itinerary.vbs
Size

78KB
Sample

241212-rse2xsypcl
MD5

f5bfac09b17af66506e500ce22c71f92
SHA1

bf949f2cb7457bcc173e0b98f656be133a088225
SHA256

6415105cf9e677626d5d9d25520b1dd1279bb8bc2ee820787d0fcc76ecd3e663
SHA512

5cab281eae07d317c02f031986b472967b4ffdca1dc3343d4e697f1ae1d8503ba237e5e1c7b60b55154f29421f7d3c79e1f125b56f96b98bcd58fa1677756d26
SSDEEP

1536:9dKIP+7Eys+3Xe05WVD8/PSfxDrtlsMKePYPm9nPJ6oMM:9dKIP8EyF3rqD8/2xvtBP0InR6NM

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

45.149.241.239:1978

Mutex

ewdlylafhlapsawrztd

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Passenger Itinerary.vbs
- Size
  
  78KB
- MD5
  
  f5bfac09b17af66506e500ce22c71f92
- SHA1
  
  bf949f2cb7457bcc173e0b98f656be133a088225
- SHA256
  
  6415105cf9e677626d5d9d25520b1dd1279bb8bc2ee820787d0fcc76ecd3e663
- SHA512
  
  5cab281eae07d317c02f031986b472967b4ffdca1dc3343d4e697f1ae1d8503ba237e5e1c7b60b55154f29421f7d3c79e1f125b56f96b98bcd58fa1677756d26
- SSDEEP
  
  1536:9dKIP+7Eys+3Xe05WVD8/PSfxDrtlsMKePYPm9nPJ6oMM:9dKIP8EyF3rqD8/2xvtBP0InR6NM
Score

10^/10

execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat