asyncrat

General

Target

f24da1d458f078adf96dca79955313eea5cfe7a6a36334b1352553a31928cec6.vbs
Size

78KB
Sample

241213-dt5r3sxka1
MD5

ab631b79a8f6cc0f48e17765c33c8fee
SHA1

539298c574b25b70379fccd8c47c3dbee5184877
SHA256

f24da1d458f078adf96dca79955313eea5cfe7a6a36334b1352553a31928cec6
SHA512

0e5818d2c4eca342c7b8ece7c8f14028e34d00e2c83f0d3c72ceaeb0380fc568ceb02df8e5743b9a691d85cc462863bceb68ccb1cf499994fe0e523debe6e550
SSDEEP

1536:rtYq5Mv5eaBf+kvAQKCidRC0Xe6Tw/LP5KU52t+gN4:lmRea3vAWGOyZsu4

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

45.149.241.239:1978

Mutex

ewdlylafhlapsawrztd

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  f24da1d458f078adf96dca79955313eea5cfe7a6a36334b1352553a31928cec6.vbs
- Size
  
  78KB
- MD5
  
  ab631b79a8f6cc0f48e17765c33c8fee
- SHA1
  
  539298c574b25b70379fccd8c47c3dbee5184877
- SHA256
  
  f24da1d458f078adf96dca79955313eea5cfe7a6a36334b1352553a31928cec6
- SHA512
  
  0e5818d2c4eca342c7b8ece7c8f14028e34d00e2c83f0d3c72ceaeb0380fc568ceb02df8e5743b9a691d85cc462863bceb68ccb1cf499994fe0e523debe6e550
- SSDEEP
  
  1536:rtYq5Mv5eaBf+kvAQKCidRC0Xe6Tw/LP5KU52t+gN4:lmRea3vAWGOyZsu4
Score

10^/10

execution asyncrat venomrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

VenomRAT

Venomrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2