asyncrat | b736623441dcad195ea6687281e8ead850c5b1c690d896f1d942abd52e1a86a5 | Triage

Sharing

General

Target

b736623441dcad195ea6687281e8ead850c5b1c690d896f1d942abd52e1a86a5.vbs
Size

67KB
Sample

241213-dh7gjaykdq
MD5

0eccd58bd629893c13a11881a4707538
SHA1

0c6eb5b4ca3e92c44ea8b8e9d0841189aeb7d554
SHA256

b736623441dcad195ea6687281e8ead850c5b1c690d896f1d942abd52e1a86a5
SHA512

25a8c044df81bd1e953922f897616eacb615e68e1a0e33d7606c1f4f42913c62826090e5ac4d9a7a62c20284c7206182df3b9999b7704aed692d7933015608b8
SSDEEP

1536:hvakp9tDsWXM2yd+DeYq4Vi5QBCOXU3T18Foc:tJTZrXw+i++cCOXAjc

Score

10^/10

asyncrat venomrat py 2024 discovery execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

py 2024

C2

45.88.88.7:6987

Mutex

vojifcrudluxshc

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b736623441dcad195ea6687281e8ead850c5b1c690d896f1d942abd52e1a86a5.vbs
- Size
  
  67KB
- MD5
  
  0eccd58bd629893c13a11881a4707538
- SHA1
  
  0c6eb5b4ca3e92c44ea8b8e9d0841189aeb7d554
- SHA256
  
  b736623441dcad195ea6687281e8ead850c5b1c690d896f1d942abd52e1a86a5
- SHA512
  
  25a8c044df81bd1e953922f897616eacb615e68e1a0e33d7606c1f4f42913c62826090e5ac4d9a7a62c20284c7206182df3b9999b7704aed692d7933015608b8
- SSDEEP
  
  1536:hvakp9tDsWXM2yd+DeYq4Vi5QBCOXU3T18Foc:tJTZrXw+i++cCOXAjc
Score

10^/10

execution persistence asyncrat venomrat py 2024 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

asyncratvenomratpy 2024discoveryexecutionpersistencerat