asyncrat | 4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8 | Triage

Submit
Reports

Overview

overview

Static

static

3

ksUu.exe

windows7-x64

7

ksUu.exe

windows10-2004-x64

Sharing

General

Target

ksUu.exe
Size

1.9MB
Sample

250208-zewrhssmcx
MD5

1f2be558a74cb83afab86147e70d87d6
SHA1

67aa1ef5fca4e3e720feb6080d0f1ac20b503b26
SHA256

4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8
SHA512

5f8af4ea3bd3a5078b91d086ef1d4d1a9d88f2065621eb76ce21573e02144deab5f6e33d65a0525caff1387e5bbfa1ea4bb3f288e60045efcf7a82d5f57e87a9
SSDEEP

49152:33X/qQfkYzgrW/r1DNKHOkjSKwgRVRm9SMHGVa52a:nTfccDMRSKTVRmQi3

Score

10^/10

asyncrat venomrat default discovery execution rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ksUu.exe

Resource

win7-20241010-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ksUu.exe

Resource

win10v2004-20250207-en

asyncrat venomrat default discovery execution rat

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

v1.2.2

Botnet

Default

C2

27.124.4.150:51311

Mutex

owgonhhweps

Attributes

delay
5
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ksUu.exe
- Size
  
  1.9MB
- MD5
  
  1f2be558a74cb83afab86147e70d87d6
- SHA1
  
  67aa1ef5fca4e3e720feb6080d0f1ac20b503b26
- SHA256
  
  4ce381358bde90843640ac7cc0d59f4c4066adf1f26db2e6ba4130e9f72b6af8
- SHA512
  
  5f8af4ea3bd3a5078b91d086ef1d4d1a9d88f2065621eb76ce21573e02144deab5f6e33d65a0525caff1387e5bbfa1ea4bb3f288e60045efcf7a82d5f57e87a9
- SSDEEP
  
  49152:33X/qQfkYzgrW/r1DNKHOkjSKwgRVRm9SMHGVa52a:nTfccDMRSKTVRmQi3
Score

10^/10

discovery asyncrat venomrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenomratdefaultdiscoveryexecutionrat

© 2018-2025

Terms | Privacy