asyncrat | 4fe449d036c64073e840b18ba90368b895159740ee8596476e42125477a70ed7 | Triage

Sharing

General

Target

4fe449d036c64073e840b18ba90368b895159740ee8596476e42125477a70ed7.exe
Size

551KB
Sample

250103-d2ekvsxpax
MD5

acb979b81c2acf8de8925ac44a607e48
SHA1

9be1e0bb48c9343c22f292089e4931f0ce739421
SHA256

4fe449d036c64073e840b18ba90368b895159740ee8596476e42125477a70ed7
SHA512

41b4e517540a5b2f225f967424c2d009cc85bb6d77398507770b1b474a4ebfd2361f695f380f6c9291cf627e693ba057b4a05c55b52f5c7e5780d37af4c15a01
SSDEEP

12288:lxX3xXFdZd9HdkGIwHNLfh2AnX9TML8wHbC708POrXNiH19m9IWIu/rqkR:fzrd9HdkGIONLh2AnXkv8PeUL5WIyp

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

185.208.158.187:4449

Mutex

tnybaidkzovl

Attributes

delay
10
install
true
install_file
NotepadUpdate.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4fe449d036c64073e840b18ba90368b895159740ee8596476e42125477a70ed7.exe
- Size
  
  551KB
- MD5
  
  acb979b81c2acf8de8925ac44a607e48
- SHA1
  
  9be1e0bb48c9343c22f292089e4931f0ce739421
- SHA256
  
  4fe449d036c64073e840b18ba90368b895159740ee8596476e42125477a70ed7
- SHA512
  
  41b4e517540a5b2f225f967424c2d009cc85bb6d77398507770b1b474a4ebfd2361f695f380f6c9291cf627e693ba057b4a05c55b52f5c7e5780d37af4c15a01
- SSDEEP
  
  12288:lxX3xXFdZd9HdkGIwHNLfh2AnX9TML8wHbC708POrXNiH19m9IWIu/rqkR:fzrd9HdkGIONLh2AnXkv8PeUL5WIyp
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat