asyncrat | da11a2056d3d8d11ed7e45772fa3ceca3495759b3c200271c12ff4a3cd9f2f93 | Triage

Sharing

General

Target

6449.exe
Size

234KB
Sample

250130-mpngnsymhx
MD5

ed9902c806bf40a5feb79ef29c4c2622
SHA1

aa65fd7f5e96deb0ed647a608171e170e08393a7
SHA256

da11a2056d3d8d11ed7e45772fa3ceca3495759b3c200271c12ff4a3cd9f2f93
SHA512

156a71e1de65b2c825914f61d8430862e0a655bed28547e7f8e856d2f1cdab1dd20d8b8b8b390dc3b095a19d17ba8faac78f6e68fba6dace1ee6e34ddd772601
SSDEEP

6144:4zWPYSc7LT8VFna9pXysJkIddwXQeYBayx4x28WQbNHx/b8ew:4z4s0Fa9IsJ3Fgg48QbNHh1w

Score

10^/10

asyncrat default defense_evasion discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

hmydzmicrk

Attributes

delay
1
install
true
install_file
NIVDIA CONTAINER.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/1CTFVWdd

aes.plain

Targets

- Target
  
  6449.exe
- Size
  
  234KB
- MD5
  
  ed9902c806bf40a5feb79ef29c4c2622
- SHA1
  
  aa65fd7f5e96deb0ed647a608171e170e08393a7
- SHA256
  
  da11a2056d3d8d11ed7e45772fa3ceca3495759b3c200271c12ff4a3cd9f2f93
- SHA512
  
  156a71e1de65b2c825914f61d8430862e0a655bed28547e7f8e856d2f1cdab1dd20d8b8b8b390dc3b095a19d17ba8faac78f6e68fba6dace1ee6e34ddd772601
- SSDEEP
  
  6144:4zWPYSc7LT8VFna9pXysJkIddwXQeYBayx4x28WQbNHx/b8ew:4z4s0Fa9IsJ3Fgg48QbNHh1w
Score

10^/10

asyncrat default defense_evasion discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Deobfuscate/Decode Files or Information

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdefense_evasiondiscoveryrat