asyncrat | 8da22cdf03c8ba9972fdd19ffe43e2367f31d183852f01c96abda61e462f3f46 | Triage

Sharing

General

Target

20022025_1553_19022025_9491700097082_20250101_20250211_40489.zip
Size

2.9MB
Sample

250220-te7wwsykfk
MD5

886b7c826967bc6dda7a7e0cf300371b
SHA1

2e328772e1c9b8f3b33e026badf07905739e4859
SHA256

8da22cdf03c8ba9972fdd19ffe43e2367f31d183852f01c96abda61e462f3f46
SHA512

8e67533d53ff3d56d34827bfa47142d2ec65b6073b776d12c0e38041e3a58825b33880b610f73bd1c109c1994be7732983bf037d1cba7534d9513a91ae26dac9
SSDEEP

49152:FOD3cGnHZLEii3sqJ76FLMmutF1tfM7YIJVDtSN+mVdA/f4Tig5B6ZW:acSZCsAcLutFvepHBSprAoTioBCW

Score

10^/10

asyncrat venomrat feb 19 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 19

Mutex

cgkwgawwtvsvxsymd

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Ax2bm8Nk

aes.plain

Targets

- Target
  
  9491700097082_20250101_20250211_40489.vbs
- Size
  
  59KB
- MD5
  
  ed21073856c03d1b0c3690cdc3acae54
- SHA1
  
  7080a7970f39ebc0928fd1563a39894c1b0b9daa
- SHA256
  
  8d8048f2936aa8f30891ba0bb4d6710aa4a13c4795122154d2fc5dad85c366d5
- SHA512
  
  c4948f3039ce07ba5e88eef975c3a3718f13acd2fa49472e0f99aebb2154babc26001391b715043b1670a0eb82a1ebfcee3d0b4ac515e8e1e7000bc51814cec5
- SSDEEP
  
  768:cMqKvuBXF44i4wbTHDudi0NCefDOZaBZamnDyKp09WB5zMwIZ8ltcYTw2j7ZguRM:wFuqdfDOkbH7FIZySYtj1guT7pvjI
Score

10^/10

discovery asyncrat venomrat feb 19 execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenomratfeb 19discoveryexecutionrat