asyncrat

General

Target

Venom Rat 6.0.3.7z
Size

73.9MB
Sample

250127-29nqhayngz
MD5

521bfb8702853d807e0b7bffba132a97
SHA1

b3f39f1a22e2ebc5bdd4085c9f9a8f887ab9813e
SHA256

cde9c5a301e15dd10db1a9747fc95004b793c538f2ff4f9c05e52955b666b564
SHA512

23ce1c46f049c4c9d197f137c05fbc80466a4f34361cb60990708f6701dcc19971b1520e898646a85e6638830d5e8fcfedc63ea123fafcd029e3ad2be6a00fe6
SSDEEP

1572864:uVI5gzIBQ4OZRbwhtqmF8o4hdboY/y6/twvY17cI19ffUq:4IeIa4Atotq7hJoY/p/x17T9HUq

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

95.216.52.21:7575

Mutex

xdnqiaxygefjfoolgo

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

jqftepbovsiy

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  66KB
- MD5
  
  3935ef8202cd8040741138a14b0655f0
- SHA1
  
  54cf02cf472111b57ac5329a408b2f858e2f3b86
- SHA256
  
  3a7efdc3d85adf7a5484ef17549db47be2a78b4b6892d93dd91958bb9a9edb82
- SHA512
  
  cbc24bde07ec9d1372869ce697ba3fcc76a7be2b75122af1f283160551dfc2dd18f77bc24ed0fff37b49dc7c8b0ffd41001f238595bec0c4761a5f4a79ec5ff1
- SSDEEP
  
  1536:0vWMO7xoQlzh4fZF9O8QQHFkYlTwVsbbXA/a2s9TDZVclN:HoR9O8QQHFk1sbbXh2sNzY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral1
- Target
  
  Venom RAT + HVNC + Stealer + Grabber.exe
- Size
  
  14.2MB
- MD5
  
  3b3a304c6fc7a3a1d9390d7cbff56634
- SHA1
  
  e8bd5244e6362968f5017680da33f1e90ae63dd7
- SHA256
  
  7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
- SHA512
  
  7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
- SSDEEP
  
  196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04
Score

10^/10

asyncrat default defense_evasion discovery evasion execution persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral2