asyncrat | 5d22de6eb0a93b5b3165fe1c1ba16bada67e46763280a3ed89b9a24b14ab51eb | Triage

Sharing

General

Target

14022025_0254_wg55kN97.exe
Size

82.3MB
Sample

250214-djdwlszrdt
MD5

0a172e33c598f3d0a5b9d3fae3a881c3
SHA1

a3759026540e7b31c01a8eb0b6bf3c7c450f7733
SHA256

5d22de6eb0a93b5b3165fe1c1ba16bada67e46763280a3ed89b9a24b14ab51eb
SHA512

3d89604ee7abfc1df7b5a33a6a1b27899e7175c14fcaaa5f15d78020fe4b4755274d13e383e39ce7a520c6a50b9c8e0ed97aaa1757ee76b2958133aee68155a3
SSDEEP

393216:O76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfDnVQx4urYsANulL7NK:O0LoCOn+2Ds4urYDNulLBiuu

Score

10^/10

asyncrat venomrat default discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

176.65.141.235:4449

Mutex

ezsoybyltpcd

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  14022025_0254_wg55kN97.exe
- Size
  
  82.3MB
- MD5
  
  0a172e33c598f3d0a5b9d3fae3a881c3
- SHA1
  
  a3759026540e7b31c01a8eb0b6bf3c7c450f7733
- SHA256
  
  5d22de6eb0a93b5b3165fe1c1ba16bada67e46763280a3ed89b9a24b14ab51eb
- SHA512
  
  3d89604ee7abfc1df7b5a33a6a1b27899e7175c14fcaaa5f15d78020fe4b4755274d13e383e39ce7a520c6a50b9c8e0ed97aaa1757ee76b2958133aee68155a3
- SSDEEP
  
  393216:O76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfDnVQx4urYsANulL7NK:O0LoCOn+2Ds4urYDNulLBiuu
Score

10^/10

asyncrat venomrat default discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenomratdefaultdiscoverypersistencerat