asyncrat | 01b360f4da3ffee6ed1837fa4c1ba8349f69363d96715bcee9cf3053a375c5db | Triage

Sharing

General

Target

01b360f4da3ffee6ed1837fa4c1ba8349f69363d96715bcee9cf3053a375c5db
Size

1.2MB
Sample

250212-ky5q7svmhz
MD5

19f620e49d6cdf3e50566062b0a53d1d
SHA1

ce2acd613548383ab8e69ecfc665b451d85d446b
SHA256

01b360f4da3ffee6ed1837fa4c1ba8349f69363d96715bcee9cf3053a375c5db
SHA512

7f8473d29c779e0847c31e4010c1025bc8c19c3d0836be549798e537637d5a6afa5e91f937196fc845a074968620162f8a41904aa4b1721ad284a940dba23095
SSDEEP

24576:4AHXQIr7l0JTzo8RspiZXR94GuaDgsgrxm9OCcaPjWy38l1XSRlDCTFB34Mcokx3:5rZn+spmPuaDFMOQZytUFB34Qmic3

Score

10^/10

asyncrat venomrat jan discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

JAN

Mutex

qnxsdyjsfdtxvg

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Ax2bm8Nk

aes.plain

Targets

- Target
  
  144000097082_20250101_20250211_40479.exe
- Size
  
  1.5MB
- MD5
  
  8559ce3fb23e0ebe23d299bb92f4e8c3
- SHA1
  
  717f98088e5e6cbf8975635706d04dc7807889f4
- SHA256
  
  e19a495d86511aeff9e577eea8af7f6894909553460c63066813e488e42061db
- SHA512
  
  92c4841c60e810c023598d29e45ea90d3d8b7c332d727fa107cd8134c6979d061c002db83b584aaa5f80eb1ae3c12d99e8e53ec6d01d71be79e06e77be025bcc
- SSDEEP
  
  24576:VKBnz2UxqpUB9R9UGEiDRKt0x/gcpouZGXFh0DA5Jke4w3MDyupBif3x:VzKqpefEic6xlCp0yOe48E9pBif3x
Score

10^/10

asyncrat venomrat jan discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies WinLogon for persistence
  persistence
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratjandiscoverypersistencerat

behavioral2

discoverypersistence