asyncrat | 73c86973fd267f059a907e612315f504d17a2be8739c1cdd480cc0a1b39e0ce4 | Triage

Submit
Reports

Overview

overview

Static

static

5

New_Order0...df.scr

windows7-x64

New_Order0...df.scr

windows10-2004-x64

Sharing

General

Target

73c86973fd267f059a907e612315f504d17a2be8739c1cdd480cc0a1b39e0ce4
Size

533KB
Sample

241213-vp1q1axjck
MD5

bd58930858f1f8f4648a681735dbac91
SHA1

0759d8ecb04a91d952f6c381aae4255d86162719
SHA256

73c86973fd267f059a907e612315f504d17a2be8739c1cdd480cc0a1b39e0ce4
SHA512

5b88a3af02bd3fea94f0885310f4c8a721fc8cfb3f403b0aadf7a6252cb04b478a1658414975b37fa0a4949052f16214ae6b9000ea6ee832de6080a5187b8e6c
SSDEEP

12288:r66ReTQ94cHjk8SMvi330i/jMj3W7+Ux0Af6SHFu5/i4:r6NTQrDk8bvi3kiSG7t0uy1

Score

10^/10

asyncrat default discovery rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

New_Order0512204#7666467pdf.scr

Resource

win7-20240903-en

asyncrat default discovery rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

New_Order0512204#7666467pdf.scr

Resource

win10v2004-20241007-en

asyncrat default discovery rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

87.120.120.15:4449

Mutex

ykpleyrgtopul

Attributes

delay
10
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  New_Order0512204#7666467pdf.scr
- Size
  
  950KB
- MD5
  
  a8a4aa9c047894582f100213370da8de
- SHA1
  
  e7b4d9747c787599947d9944cc90ed36c31984b4
- SHA256
  
  31c1b7a32fed169045d32fda5b53a1bcc9e2919ef9217b3232380f89869204c7
- SHA512
  
  235b0a604d73ea9a45c3db63693cf1a6ee3f38ea783c22568af233252a41c7018dd77b96f70020e2e97c0f2843b316b270a023d95983c55cdc72c6ecc86df0c9
- SSDEEP
  
  24576:Gu6J33O0c+JY5UZ+XC0kGso6Fat0svhWWY:Iu0c++OCvkGs9Fat0sv7Y
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

© 2018-2024

Terms | Privacy