asyncrat

General

Target

VenomRAT-V5.6-HVNC.rar
Size

44.7MB
Sample

241230-dqlvsswnhm
MD5

3359e400772b429af1a1c5b2f06ad301
SHA1

bdedb4c410ba58392feefcda17ec18c9ec5e45db
SHA256

b460cb71a7c6a0ef8f1f92dc52c237a41a783fa5d2925362eb0ab3db51420e71
SHA512

63f5c3a773dc4d3ff44aef6b318e1e23c3befecf3a1263f4f45c132c487dae8fe9f0a2512a3699ae70c8b602ca83e672be8b18b0f9be60693c600a70b08f2f4a
SSDEEP

786432:G42E0fcdbuf9QZZEdyvV554KDYKiQ7mKv9Ewf91HZOrck8+xUhJZkwhNc:GbE0fk6FkZEdKV5i2BiQKaEwHHZIAJZK

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.4.1 | Venom

C2

dofucks.com:12482

private115.duckdns.org:12482

Mutex

adf10731-c83d-4166-9137-39d0b1e48856

Attributes

encryption_key
C84CB6134701741C5122A14FACDB67C8CFA9C0AB
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Targets

- Target
  
  VenomRAT-V5.6-HVNC/Stub/Client.exe
- Size
  
  60KB
- MD5
  
  324ef4e2187cb8fb01f9ce7b7803c79c
- SHA1
  
  f87c6d87f08fcc78a3a8312bc767f81c397be810
- SHA256
  
  a59354e798768e068f79816146d9f7b41e0003c50d5d8c82602fc16a16962999
- SHA512
  
  a621a85453ccf5426ec0732b26d238c26cf29466d5f0138bfd725fe922437401223df2b50b18ae96be73b15ba39bce9e61cdfac87a81a97d9e88cd23a845430d
- SSDEEP
  
  1536:AcSD4758ocxx8OKNhYEMWyhoTTI+xkrypqKmY7:AcSD475jcxx8OWiovI+xkrRz
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral1 behavioral2
- Target
  
  VenomRAT-V5.6-HVNC/Venom RAT + HVNC.exe
- Size
  
  15.5MB
- MD5
  
  c9a19172aec8f4d35aabe33d2123d53c
- SHA1
  
  24f5dc16f84b7096d2561b628ee22e4aa3fb65a3
- SHA256
  
  51505fab78a7b318bcae9d3005fd3035517141abed16054541c29c03bb9af4ea
- SHA512
  
  cde593b070d0ea9067651fe107099621c3e1351ad00cf1c641b211fbb4adb380fb83d7a6276cff1e11496f43fc776c603f12ee67aacf0effaf192b4a53199994
- SSDEEP
  
  196608:IA5PPrnA5PPr3lAA5PPrJSe6PC7aIahLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95Un:LebljNd60T7P+Zw6NLIsFfskh1BmXG
Score

10^/10

quasar v15.4.1 | venom defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral3 behavioral4