asyncrat | dcf06da768b714ec1af94d58e4f9c6125a2f45dc269aaa7cede67c7ea528dc99 | Triage

Submit
Reports

Overview

overview

Static

static

3

4ce381358b...f8.exe

windows7-x64

7

4ce381358b...f8.exe

windows10-2004-x64

Sharing

General

Target

4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8.zip
Size

1.8MB
Sample

250208-z2plqatnav
MD5

e525c5d5a029416d61ac0ecd962d2da2
SHA1

eac0e782eca338a0214a50ab07f72e5f219e30d6
SHA256

dcf06da768b714ec1af94d58e4f9c6125a2f45dc269aaa7cede67c7ea528dc99
SHA512

1456c81c801a711d866fd65859f0be531c15f7b3fada45f80fc2fb2c66d1e5ed7850de4f69bdd8c53374b26718deeb08f7fc3bb8c453a6807832d86833a7371b
SSDEEP

49152:LK/15zYLcyLN8QU1ioYqQXFheYPs9TuZc0P4:O/1qcyLJwiWMFEqSZk4

Score

10^/10

asyncrat venomrat default discovery execution rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8.exe

Resource

win7-20241010-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8.exe

Resource

win10v2004-20250207-en

asyncrat venomrat default discovery execution rat

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

v1.2.2

Botnet

Default

C2

27.124.4.150:51311

Mutex

owgonhhweps

Attributes

delay
5
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8.exe
- Size
  
  1.9MB
- MD5
  
  1f2be558a74cb83afab86147e70d87d6
- SHA1
  
  67aa1ef5fca4e3e720feb6080d0f1ac20b503b26
- SHA256
  
  4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8
- SHA512
  
  5f8af4ea3bd3a5078b91d086ef1d4d1a9d88f2065621eb76ce21573e02144deab5f6e33d65a0525caff1387e5bbfa1ea4bb3f288e60045efcf7a82d5f57e87a9
- SSDEEP
  
  49152:33X/qQfkYzgrW/r1DNKHOkjSKwgRVRm9SMHGVa52a:nTfccDMRSKTVRmQi3
Score

10^/10

discovery asyncrat venomrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenomratdefaultdiscoveryexecutionrat

© 2018-2025

Terms | Privacy