asyncrat | 315f7e2e7ca202c083ee3d1efbbd1b8cbde0ce11383fde5d2cbfd11d9aa50e9d | Triage

Sharing

General

Target

315f7e2e7ca202c083ee3d1efbbd1b8cbde0ce11383fde5d2cbfd11d9aa50e9d
Size

659KB
Sample

250123-1ya5laxkel
MD5

5ad1c8d2082e5d6526d4399d4b8000c1
SHA1

ba39bbe677be6c0d9c3cf8248d7a1065875ba9f2
SHA256

315f7e2e7ca202c083ee3d1efbbd1b8cbde0ce11383fde5d2cbfd11d9aa50e9d
SHA512

ec0fa55902402338483d9d3ede538ded7720d31408e471391443d399c1c19308bce4d3e288f4278de8762502dea787ded3cc7beebf71699810580afae5ec0cb9
SSDEEP

12288:VUZmIO8Dfmr2/XTGh5lGJFi3dS1p2qcToaPKDrzVkR:VUZtfh/XCUJS41p2ZoaSvzo

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

154.216.20.182:8000

Mutex

fohacwesdyrtvqfvidw

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  315f7e2e7ca202c083ee3d1efbbd1b8cbde0ce11383fde5d2cbfd11d9aa50e9d
- Size
  
  659KB
- MD5
  
  5ad1c8d2082e5d6526d4399d4b8000c1
- SHA1
  
  ba39bbe677be6c0d9c3cf8248d7a1065875ba9f2
- SHA256
  
  315f7e2e7ca202c083ee3d1efbbd1b8cbde0ce11383fde5d2cbfd11d9aa50e9d
- SHA512
  
  ec0fa55902402338483d9d3ede538ded7720d31408e471391443d399c1c19308bce4d3e288f4278de8762502dea787ded3cc7beebf71699810580afae5ec0cb9
- SSDEEP
  
  12288:VUZmIO8Dfmr2/XTGh5lGJFi3dS1p2qcToaPKDrzVkR:VUZtfh/XCUJS41p2ZoaSvzo
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat