asyncrat | 2f008e82dff5d835237221d923e390e7e8d32a3e77f7a417c2713601522738c1 | Triage

Sharing

General

Target

JaffaCakes118_2f008e82dff5d835237221d923e390e7e8d32a3e77f7a417c2713601522738c1
Size

104KB
Sample

241222-e5yctatngl
MD5

66b4d813664b8b8de02a3d6c0cc3da79
SHA1

fe9d81d10a4f3e4c6ca1685da63c6ce349e1f576
SHA256

2f008e82dff5d835237221d923e390e7e8d32a3e77f7a417c2713601522738c1
SHA512

822441e66aea92680b811f2e3a4be2c4dc9ededa6789d2fb9a2d801f163c449c6ccabe2c4ecc3129117ced68604c142c0470517830340db1e89b4be898b75ede
SSDEEP

3072:yaq4YpijXng1CBgCVdA2uUvn6V+SKxrSJ7l:yRm31Bg8dA2uCnxSkcB

Score

10^/10

asyncrat venom clients discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.4

Botnet

Venom Clients

C2

bbiy00362.duckdns.org:6731

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  APKYUPOKSJ09HJSA.exe
- Size
  
  300.0MB
- MD5
  
  4c831c9d698ae1c40d99156135de269d
- SHA1
  
  f8308ea93ea6b570d047a732c5ad4bc47e74c8a4
- SHA256
  
  d99baa8c9a2503d5f423797042bbde745379f275d174d009763d09b987edd9ba
- SHA512
  
  d8215059d6d9baa59da9f10d0c70bbb83e35de0e629ef04b6fa2602bf8c8541cd2dc11a88b9b4f37bc7dfdba8f026b2f8f1cba0b55a16f46d512286d00b1b27f
- SSDEEP
  
  3072:1Vb72u+TCMkA6o7UdwOI5AD9OKbTBOUEs64BRg40nPFblFTJ:nbqu+TsA6eUdTISx1PBUeBRgPlh
Score

10^/10

asyncrat venom clients discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenom clientsdiscoveryrat

behavioral2

asyncratvenom clientsdiscoveryrat