asyncrat

General

Target

staffbesting.rar
Size

358KB
Sample

250129-v4r3eatrex
MD5

961e2434f73d1ea24c9e390f839a2bf7
SHA1

5e5127fc1fb752d41b5e4feffa720272c884ae37
SHA256

644bf15ecd1fe95c3c559e130a2423618235661befac49ec017197936bf5efda
SHA512

07d7d71d3e7ec6c94cc4733112a65f0b5c0eb112092de8ea70e5f54b2c5c2cd7002323f9bcd8f2de781114be4d70ba5b8c16fabea9d8defa939ee1d5c629f586
SSDEEP

6144:50+LWIOQmUayBeHhBSN44WSuyltW5T0LGycZegsXz8HAVJbXHGSB2:50+L9OQtFNmriW5ILGbZQD8HAfme2

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

zzzxbdsybzu

Attributes

c2_url_file
https://paste.ee/r/COm4hFYr/0
delay
1
install
true
install_file
Systeam.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Stafbesting Ultimate/MessagePackLib.dll
- Size
  
  16KB
- MD5
  
  06247396be54c6ebb06fd6ca84ee80cc
- SHA1
  
  51fb23ff498a47c0be900ae43a7030f98794eb59
- SHA256
  
  669e42b6c6e94dc2735f281aa5b33c0d398b91960158ec556e521974b3be5843
- SHA512
  
  03d93f22aaf1bc0dc4d26b130aa1cb1668c14b854ff84803c8b2cc74625cda44970dd5be1b17865986eabb6966a7d65c226282becfd7963b72b8035990ffc299
- SSDEEP
  
  384:MmsTuBHbisehGr8LuUaBRWAHQLGS4EIp:n+uhvHaAwCxv
Score

1^/10
behavioral1
- Target
  
  Stafbesting Ultimate/Microsoft.Win32.Primitives.dll
- Size
  
  20KB
- MD5
  
  76b8d417c2f6416fa81eacc45977cea2
- SHA1
  
  7b249c6390dfc90ef33f9a697174e363080091ef
- SHA256
  
  5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695
- SHA512
  
  3b510cdc45c94be383c91687c2cb01a501ba34e3fbb66346214fc576d6f0e63c77d1d09c6419fc907f5b083387a7046c0670377ad2e00c3ec2e731275739f9c7
- SSDEEP
  
  384:/N9VWhX3WsQBm0GftpBjvmaQHRN7YlgaGn7rJd0:1GmViYL0Gff0
Score

1^/10
behavioral2
- Target
  
  Stafbesting Ultimate/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  715a1fbee4665e99e859eda667fe8034
- SHA1
  
  e13c6e4210043c4976dcdc447ea2b32854f70cc6
- SHA256
  
  c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
- SHA512
  
  bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad
- SSDEEP
  
  12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
Score

1^/10
behavioral3
- Target
  
  Stafbesting Ultimate/STAFFBESTING ULTIMATE.exe
- Size
  
  236KB
- MD5
  
  f199439ba1c1e5b9ac2d9f55210cbd4a
- SHA1
  
  9ce26a30466e732d16d840842fae2d6f1adae673
- SHA256
  
  792a486598d655e04f11104c4262a6c0db8f28538799acccc7b3a169b6e533dc
- SHA512
  
  96d662eec309cfec6e317007945378be5d56490d34efa0b5e44a3691d1759ebea39aad277ee6e34b52c80d8bb600f88c12ef8002a80bf4ed316909659b15d7eb
- SSDEEP
  
  3072:vU7cxoyXkiPMVz6Xc1b5KcJlqQ6IC7D4NxUe+Cyy5GJA7lbYW46V0mHI5EZBY:vbkiPMVz0abTcbIC7UNvD15xaAo5En
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
behavioral4
- Target
  
  Stafbesting Ultimate/netstandard.dll
- Size
  
  96KB
- MD5
  
  0adf6f32f4d14f9b0be9aa94f7efb279
- SHA1
  
  68e1af02cddd57b5581708984c2b4a35074982a3
- SHA256
  
  8be4a2270f8b2bea40f33f79869fdcca34e07bb764e63b81ded49d90d2b720dd
- SHA512
  
  f81ac2895048333ac50e550d2b03e90003865f18058ce4a1dfba9455a5bda2485a2d31b0fdc77f6cbdfb1bb2e32d9f8ab81b3201d96d56e060e4a440719502d6
- SSDEEP
  
  1536:Q2Ec05j4eAH64rh5fSt5T9nFcI94WiVQTjpu:nlK4eA7mDmWqQXpu
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5