asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

Nezur_Executor (4).zip
Size

36.7MB
Sample

241227-pjx52avnav
MD5

4b710e0184e50c8adf76f9996b0c1d52
SHA1

086b88dd56fc21f6b9b45ad798fb709e0eb663c7
SHA256

c846a3079596e48c2f812732b78ac764349c683d5db62a374807decfe383226a
SHA512

722ae90e3827b1d1d364606fce319ade467d2804aa697bb9394e0277d18d4e79fd66e2dbc17d97b073927f245cdc422551e0cbd3aa7de8d941ecb8d3de93318c
SSDEEP

786432:bM3yGuq0MEB4ru+d3v1dA/M3yGuq0MEB4ru+d3v1dAqSNCkSSNCuM:bM36qSqrPtv1d+M36qSqrPtv1dNS4PSO

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

jiqbzsjfarhpqni

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Nezur_Executor/Microsoft.Extensions.FileSystemGlobbing.dll
- Size
  
  44KB
- MD5
  
  470ad714b6cb486c3a64a918e72497a7
- SHA1
  
  13583e2627ff47fa64c192d8f91e06c4472e6cda
- SHA256
  
  ed0855b522f09b5a9ddbb85de62042c25e07d10044086da8620c845de41e473c
- SHA512
  
  6237af61b1f592fd10692906024fc970cd41f3db971c2a869aed392ad686a904edb19dae81cc247b691a26a7e5e554affdf0853b1e29938d6cea799e20343c77
- SSDEEP
  
  768:m0PO7gRE3x5o7UP04wqgYtqPRw02KO7I9Yfwbhgv5NFcEn9zT8n3:m02GE3xOwP04wqgYtm2nQY4Ngv5NFT96
Score

1^/10
behavioral1 behavioral2
- Target
  
  Nezur_Executor/Microsoft.Web.WebView2.Core.dll
- Size
  
  575KB
- MD5
  
  ae3a2648bf76a4dfc83d5e0dcb68f3d4
- SHA1
  
  9c33e130e4f071f700321312317d0d66b2b3d8a4
- SHA256
  
  8ce541fab9d6334a97b6981e2ff1a72aa7979df913e93cb5be1536de0667cc5d
- SHA512
  
  8bb3dbb95386ccc5450fe0fd0853382092af8660009112646dca13f934e766b503fa7d9c1c91322326e0c9bae0df9643cbb2f101f256615a3b66e89d93e92aa5
- SSDEEP
  
  12288:emV6hdWrpQ322vy+uFKcDguRFNEMFeu+imQ269pRFZNIEJdIEY0lxEIPrEIgcvLz:j/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Nezur_Executor/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  0582173917034dc688d21a0307110809
- SHA1
  
  ac3ffb19925eee8edc4568b1715bf873784814c4
- SHA256
  
  4921c17b3cf8225a380ab1a07682fa57fcb50dc42669a010e8acb28739f418d4
- SHA512
  
  3da9b59ba73a151db587e24aea79153b607984d6a48fdce769d77b47ad72eb66c412e026363abcb096ca562a1938a260c8de4a81774bef83278e117ef4b79984
- SSDEEP
  
  768:fHNav/17oaKzbvttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZG4Kju6b+5ol:1avYvttZDgcEST3p4JjrjaJ+SG2au4xo
Score

1^/10
behavioral5 behavioral6
- Target
  
  Nezur_Executor/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  81KB
- MD5
  
  c7984acb66b1dd21f9f88113f7f295be
- SHA1
  
  4d6cc744c3ce66a79f5fe05913909919b6042d28
- SHA256
  
  d90b35a7804412550364088d8dd0402422d1ba23c8f0b2a845c043d032dc0304
- SHA512
  
  364fced6b4e3abb8dd40c49380aec218da394f485a1eb5c8f82d994d1fbcd7e08616e306fb06f8d0b198ec2ff7f0f580b8fd6d4586da4414d5ba237c5595e99c
- SSDEEP
  
  1536:6VzQfLOHAjUIOL3VwnhZ8fYSDHf9WyER30mpc4Jjr4YeUq9GhVU0o2zQvUuakWUp:Wcfyg4IjhZ8TDHf9c30mpc4Jjr4YeUqT
Score

1^/10
behavioral7 behavioral8
- Target
  
  Nezur_Executor/Nezur.dll
- Size
  
  15.2MB
- MD5
  
  79b4048105f34e39143b5ec9cbbb754c
- SHA1
  
  270edf0a5d5e5801171435b5f8c813cbac3ebc20
- SHA256
  
  9a2601c7d10b7fb896429cc13ca6961f29dfc594b6eb1d4f7bebd36d4513a6d7
- SHA512
  
  e148df038131a5a4fece47c22286d0c5638e21019213d4c840abf277a23456422873a4ba5535f926ffb4bb12771393d8316306709f2cfb0354e4b2c9cbf44c4e
- SSDEEP
  
  393216:2EI9J9jTykIBEJy66FfEGdDS7OVIkXPqgK1SLoj:2t1mkIWg66LDS7UIkX/wSE
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  Nezur_Executor/Nezur_Executor/Microsoft.Extensions.FileSystemGlobbing.dll
- Size
  
  44KB
- MD5
  
  470ad714b6cb486c3a64a918e72497a7
- SHA1
  
  13583e2627ff47fa64c192d8f91e06c4472e6cda
- SHA256
  
  ed0855b522f09b5a9ddbb85de62042c25e07d10044086da8620c845de41e473c
- SHA512
  
  6237af61b1f592fd10692906024fc970cd41f3db971c2a869aed392ad686a904edb19dae81cc247b691a26a7e5e554affdf0853b1e29938d6cea799e20343c77
- SSDEEP
  
  768:m0PO7gRE3x5o7UP04wqgYtqPRw02KO7I9Yfwbhgv5NFcEn9zT8n3:m02GE3xOwP04wqgYtm2nQY4Ngv5NFT96
Score

1^/10
behavioral11 behavioral12
- Target
  
  Nezur_Executor/Nezur_Executor/Microsoft.Web.WebView2.Core.dll
- Size
  
  575KB
- MD5
  
  ae3a2648bf76a4dfc83d5e0dcb68f3d4
- SHA1
  
  9c33e130e4f071f700321312317d0d66b2b3d8a4
- SHA256
  
  8ce541fab9d6334a97b6981e2ff1a72aa7979df913e93cb5be1536de0667cc5d
- SHA512
  
  8bb3dbb95386ccc5450fe0fd0853382092af8660009112646dca13f934e766b503fa7d9c1c91322326e0c9bae0df9643cbb2f101f256615a3b66e89d93e92aa5
- SSDEEP
  
  12288:emV6hdWrpQ322vy+uFKcDguRFNEMFeu+imQ269pRFZNIEJdIEY0lxEIPrEIgcvLz:j/
Score

1^/10
behavioral13 behavioral14
- Target
  
  Nezur_Executor/Nezur_Executor/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  0582173917034dc688d21a0307110809
- SHA1
  
  ac3ffb19925eee8edc4568b1715bf873784814c4
- SHA256
  
  4921c17b3cf8225a380ab1a07682fa57fcb50dc42669a010e8acb28739f418d4
- SHA512
  
  3da9b59ba73a151db587e24aea79153b607984d6a48fdce769d77b47ad72eb66c412e026363abcb096ca562a1938a260c8de4a81774bef83278e117ef4b79984
- SSDEEP
  
  768:fHNav/17oaKzbvttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZG4Kju6b+5ol:1avYvttZDgcEST3p4JjrjaJ+SG2au4xo
Score

1^/10
behavioral15 behavioral16
- Target
  
  Nezur_Executor/Nezur_Executor/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  81KB
- MD5
  
  c7984acb66b1dd21f9f88113f7f295be
- SHA1
  
  4d6cc744c3ce66a79f5fe05913909919b6042d28
- SHA256
  
  d90b35a7804412550364088d8dd0402422d1ba23c8f0b2a845c043d032dc0304
- SHA512
  
  364fced6b4e3abb8dd40c49380aec218da394f485a1eb5c8f82d994d1fbcd7e08616e306fb06f8d0b198ec2ff7f0f580b8fd6d4586da4414d5ba237c5595e99c
- SSDEEP
  
  1536:6VzQfLOHAjUIOL3VwnhZ8fYSDHf9WyER30mpc4Jjr4YeUq9GhVU0o2zQvUuakWUp:Wcfyg4IjhZ8TDHf9c30mpc4Jjr4YeUqT
Score

1^/10
behavioral17 behavioral18
- Target
  
  Nezur_Executor/Nezur_Executor/Nezur.dll
- Size
  
  15.2MB
- MD5
  
  79b4048105f34e39143b5ec9cbbb754c
- SHA1
  
  270edf0a5d5e5801171435b5f8c813cbac3ebc20
- SHA256
  
  9a2601c7d10b7fb896429cc13ca6961f29dfc594b6eb1d4f7bebd36d4513a6d7
- SHA512
  
  e148df038131a5a4fece47c22286d0c5638e21019213d4c840abf277a23456422873a4ba5535f926ffb4bb12771393d8316306709f2cfb0354e4b2c9cbf44c4e
- SSDEEP
  
  393216:2EI9J9jTykIBEJy66FfEGdDS7OVIkXPqgK1SLoj:2t1mkIWg66LDS7UIkX/wSE
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20
- Target
  
  Nezur_Executor/Nezur_Executor/Nezur_Interface.dll
- Size
  
  6.4MB
- MD5
  
  5e975740e102716f97f71abeaf5dcf62
- SHA1
  
  d57a5e40cb351eb739cffd24a6855ab21654063f
- SHA256
  
  f07c2a215d43e783f096810a3a89cdd8c3cd99b56c774e7cdb5ab399cc73bd36
- SHA512
  
  dd1ed65c09c6ae815b174b1eea0817f155bbf7541fc48aa0e63c51358a8b3948474e956adf1c6ec3713c49b524402603193a7bd8cb03710175e65b0b3b226d6e
- SSDEEP
  
  98304:AQuiXvqdeO4pbZVj9JPgBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuYJg:ARiSZO9S2fasv+Bpt
Score

1^/10
behavioral21 behavioral22
- Target
  
  Nezur_Executor/Nezur_Executor/Nezur_ui.exe
- Size
  
  133KB
- MD5
  
  07644a7711c1ee3a1711aeed3882028d
- SHA1
  
  3b8f9e62bee546cd4d8e17a9b250a26d9856d033
- SHA256
  
  d9a0e721ee6c951e3db30e40ae0329cca79f29313d6fd48b3598ba5fe659669b
- SHA512
  
  c526cbf84717578e7c29440c17f5cc8d2bd373bacfac5e6c10b3c1909893451d7b9a4a3bf6aadb158eb5fcae51415480d3c12d92276d1de958a16694e4b7a6ee
- SSDEEP
  
  3072:mUUcxjVLLCPPMVOe9VdQsH1bfjz2wTuQ/PY:mcCPPMVOaesVbrz24
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral23 behavioral24
- Target
  
  Nezur_Executor/Nezur_Executor/runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  136KB
- MD5
  
  232e9d314b9bb9e677b1d79c7dc54e44
- SHA1
  
  5ad36b7a527acd76e7f5414459ba61ea319bd120
- SHA256
  
  dbd30934e8fb2706722a2b874719d62cbed47b1e473e3f684a66648e91f93def
- SHA512
  
  504230199dea2c72c47374240a6ef66fc648208bb5f01520d057dbdf13fb04f3508e1edfc2f2db3d6b8f7321d0d150d9192b7a20a4465b702b10126e1a2861be
- SSDEEP
  
  3072:rwe4zkOpEbtYRLMPM6OSRTA0gWEtJW9VDX4B2TX:UeEkOebMqgWEtJiVDX5b
Score

1^/10
behavioral25 behavioral26
- Target
  
  Nezur_Executor/Nezur_Executor/runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  3fac859547077abafe806ff1e4709f47
- SHA1
  
  0366df220c5d224ee64a42c929574407d2e6d2c9
- SHA256
  
  f4d811cda483adb33220c5a856c5ec8dca3a095fde54b44f08e1279a6a5efd33
- SHA512
  
  9b7b7aabf6bdc11dfd74430336e02d7d2b96b6bbf352f1e2d158a4900bead364900820af56cf9af25366ff5704e2ffcc2458d45dc3efe00ebd0843d127ab7435
- SSDEEP
  
  3072:JX1/Z3TlTRTFOYfThTNTvDbS2bT4wdovPEKdIMsb1Z5AalipT3YEtJ5+PON2Yo:JDTlTRTFOYfThTNTvDhvZkPEKdI7pxEG
Score

1^/10
behavioral27
- Target
  
  Nezur_Executor/Nezur_Executor/runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  113KB
- MD5
  
  999f67ef1a2d06beeaf85ec9b5d5d73d
- SHA1
  
  644b1768f8675b29fb53a51edb5d344fdf55946c
- SHA256
  
  4c24ade2c2a4cf652529fdf4259743fec824c628bdc056fc5c76c29e30e7c06c
- SHA512
  
  6399fda1c54bd26ce82b7d48ac1b7c9741d5abf68a67bd62ec53ea2a1f82caac2e9bfdb1cb22f5af3c8ca6f4789a888f6519e02941f6c33f6f9d3b0e58eb56f4
- SSDEEP
  
  3072:OnbFYqJx7sXRq2KVs9iiamgqeNZPTj7EtJlAlHJcgf4fm9pS:OZYqJx4gkYiavEtJe9f2mbS
Score

3^/10

discovery
behavioral28
- Target
  
  Nezur_Executor/Nezur_Executor/workspace/vape/GuiLibrary.lua
- Size
  
  319KB
- MD5
  
  ac1cee0caefeed479df85604e69873c6
- SHA1
  
  204e0f0793fd1e707d06d957c57b7a4c6fa471fa
- SHA256
  
  0521f91ffdfd8906464a0b79300b999335edb2f3cdb902093a2dfb25edf7beb1
- SHA512
  
  c1793b507653f37ff2bb8abf8d212fda57edd738bdb0cc84196e7d7d064069b07d7b47a95ca6f8ec6db8bf9a39a4d0b6465a12133f9c3be04887dc1687ad7154
- SSDEEP
  
  3072:6fmwRHjS0ObMPjVw+usbpNpz4hXwz5Ts45FjKbnFNMDnlaAXiUk81r89k:6fJhus5OAmhyfhwk
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Nezur_Executor/Nezur_Executor/workspace/vape/MainScript.lua
- Size
  
  83KB
- MD5
  
  4e3739d68f5985ab3797ab33e0975cdd
- SHA1
  
  7c37faf5a8643a5190ba286b630c9d3fe5bf32af
- SHA256
  
  3befe40113dd767799be851b50d23a56923ea296d2b50b3051a5764e18bd5641
- SHA512
  
  679faf5fa0f189eef742360cd5efecc429760544a0a6002fab8ea66d04c59202113ca1df804cc50af2adb9dba5ce94407ff22f0f1e7074d3d2ff8f703b5d5d9e
- SSDEEP
  
  768:aABxHBr9wodvBHW50nmXsWjk1jpVxjfjTIkjblSBd4UN6j0jo/QIIj8j8jLzYvDj:zh9lNDZL3QwxBXpEJxrSCNhPKydZlM
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Themida packer

Suspicious use of NtSetInformationThreadHideFromDebugger

Themida packer

Suspicious use of NtSetInformationThreadHideFromDebugger

Asyncrat family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32