asyncrat | c5634454eded38fdff4aa2966f68c4a969f705cd9ad266d48e169a12a66f8a77 | Triage

Sharing

General

Target

PO-VS037069410113706941011_19_02_25.exe
Size

938KB
Sample

250219-hcydwszkft
MD5

d334528a305db04cd6c086958e317850
SHA1

7edd4e5013e541f81a84a3eb95f63c679c65197b
SHA256

c5634454eded38fdff4aa2966f68c4a969f705cd9ad266d48e169a12a66f8a77
SHA512

d6a9dcbe3f663d851e184e727676fb25ecc4e89c93225a7de282adf28464eb5df6764b720c01ec68177083849e56fde8a610e6fc4fd33396629de14f4204e83f
SSDEEP

6144:TM+EbbrRkif+eH2fES69xx8FZjATa3rcfwXJ8+3NWVQL0S+aNV1M9c0cPiQMWw2D:o+EbbrRBm+89mw1J/aQC2PqGvyrQ

Score

10^/10

asyncrat venomrat feb 19 logs discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 19 LOGS

Mutex

dbwxbwyzgarszgoi

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/93hjERwM

aes.plain

Targets

- Target
  
  PO-VS037069410113706941011_19_02_25.exe
- Size
  
  938KB
- MD5
  
  d334528a305db04cd6c086958e317850
- SHA1
  
  7edd4e5013e541f81a84a3eb95f63c679c65197b
- SHA256
  
  c5634454eded38fdff4aa2966f68c4a969f705cd9ad266d48e169a12a66f8a77
- SHA512
  
  d6a9dcbe3f663d851e184e727676fb25ecc4e89c93225a7de282adf28464eb5df6764b720c01ec68177083849e56fde8a610e6fc4fd33396629de14f4204e83f
- SSDEEP
  
  6144:TM+EbbrRkif+eH2fES69xx8FZjATa3rcfwXJ8+3NWVQL0S+aNV1M9c0cPiQMWw2D:o+EbbrRBm+89mw1J/aQC2PqGvyrQ
Score

10^/10

asyncrat venomrat feb 19 logs discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Modifies WinLogon for persistence
  persistence
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratfeb 19 logsdiscoverypersistencerat

behavioral2

discoverypersistence