asyncrat | 1f522a21b4f7df8d6d4537d2aaba1b407ee427d4e44f89427ad35c3556730843 | Triage

Sharing

General

Target

1f522a21b4f7df8d6d4537d2aaba1b407ee427d4e44f89427ad35c3556730843
Size

2.9MB
Sample

250221-cgqa7azmfs
MD5

e2b81e506da924059fd0b1e4bd9eb3ae
SHA1

ecf52d7c1616ffa52020ebcc8b3b79ec1770eecd
SHA256

1f522a21b4f7df8d6d4537d2aaba1b407ee427d4e44f89427ad35c3556730843
SHA512

469358884c44447b34536dfdf75469d196f9aef9ef60a8e8bb4c02756cbb5a67efdcb0b7d241abf83386063b9daee86ba74e993d52f77fa2d20432ed1877f092
SSDEEP

49152:IQ3YRorKW5k82cr3YNXrlnKadJSJfT1WCuSeYhVx7wYZIQphenoKHoCPzGnbnr6G:NIRof5kPcDoblLqfTAQ1VxEYDGTICPzk

Score

10^/10

asyncrat venomrat feb 19 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 19

Mutex

cgkwgawwtvsvxsymd

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Ax2bm8Nk

aes.plain

Targets

- Target
  
  9491700097082_20250101_20250211_40489.vbs
- Size
  
  61KB
- MD5
  
  6b21159837ddee24c19775ca1f5ec62d
- SHA1
  
  d68d6100363fd75679c69111288d9fa692b35cba
- SHA256
  
  1bf0f448a3723866f225527bd1cae2d5062ca48c298b425c11968b4bbddca5c8
- SHA512
  
  2633084c9bf5db0e2f241a33692ce9069ba04fa72c5b8d7cbdb1573f469b039cf1d99836fe21cb5eef0cc7744ecbdb6f1dcdee82c88c851aaa10e5293a8ac023
- SSDEEP
  
  768:e2ysVepqc8QaEiZ7LfrPBW/2Vbt804sXcYpr6qDaR2UjKWlAi4fKds8kzB6oerlN:m9a5bBvVbu04s5CR2lWiIAwltrQRFY
Score

10^/10

discovery asyncrat venomrat feb 19 execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratvenomratfeb 19discoveryexecutionrat