asyncrat | df606ef08b80c10d12a7372505f51e2641b263ded0280edcaf9085e7419b5f3e | Triage

Submit
Reports

Overview

overview

Static

static

7

Client_protected.exe

windows7-x64

Client_protected.exe

windows10-2004-x64

Client_protected.exe

windows10-ltsc 2021-x64

Client_protected.exe

windows11-21h2-x64

Sharing

General

Target

Client_protected.exe
Size

6.5MB
Sample

241228-sxzskaypcw
MD5

19574d1c471ceaa99d0d05321e7beba4
SHA1

9c192eee06421e8a557b0afe0355545bae5366e6
SHA256

df606ef08b80c10d12a7372505f51e2641b263ded0280edcaf9085e7419b5f3e
SHA512

b73a16cd6f529cb8688b96f7039cfbca49c191b32b2240b56681125a4f8f63ceb625ae0077d1a845319f1a035524f314c95c3ef259cc7d284d7b557460db3244
SSDEEP

98304:ytpOyr9VNf1P2tLnkJfA5Wmon5miZlE5aJ4aoAqq1k4MjNU+3:Z+jZ+5NgFbMy4

Score

10^/10

asyncrat default discovery evasion rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Client_protected.exe

Resource

win7-20240729-en

asyncrat default discovery evasion rat themida trojan

windows7-x64

9 signatures

30 seconds

Behavioral task

behavioral2

Sample

Client_protected.exe

Resource

win10v2004-20241007-en

asyncrat default discovery evasion rat themida trojan

windows10-2004-x64

10 signatures

30 seconds

Behavioral task

behavioral3

Sample

Client_protected.exe

Resource

win10ltsc2021-20241211-en

asyncrat default discovery evasion rat themida trojan

windows10-ltsc 2021-x64

10 signatures

30 seconds

Behavioral task

behavioral4

Sample

Client_protected.exe

Resource

win11-20241007-en

asyncrat default discovery evasion rat themida trojan

windows11-21h2-x64

10 signatures

30 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

85.198.108.36:7667

Mutex

egghlcckqridunl

Attributes

delay
6
install
false
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Client_protected.exe
- Size
  
  6.5MB
- MD5
  
  19574d1c471ceaa99d0d05321e7beba4
- SHA1
  
  9c192eee06421e8a557b0afe0355545bae5366e6
- SHA256
  
  df606ef08b80c10d12a7372505f51e2641b263ded0280edcaf9085e7419b5f3e
- SHA512
  
  b73a16cd6f529cb8688b96f7039cfbca49c191b32b2240b56681125a4f8f63ceb625ae0077d1a845319f1a035524f314c95c3ef259cc7d284d7b557460db3244
- SSDEEP
  
  98304:ytpOyr9VNf1P2tLnkJfA5Wmon5miZlE5aJ4aoAqq1k4MjNU+3:Z+jZ+5NgFbMy4
Score

10^/10

asyncrat default discovery evasion rat themida trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryevasionratthemidatrojan

behavioral2

asyncratdefaultdiscoveryevasionratthemidatrojan

behavioral3

asyncratdefaultdiscoveryevasionratthemidatrojan

behavioral4

asyncratdefaultdiscoveryevasionratthemidatrojan

© 2018-2024

Terms | Privacy