asyncrat | 616835a3491009a64fc5b13a8ab3f41b7c3cb1e438d783e2a8577286d6df9070 | Triage

Submit
Reports

Overview

overview

Static

static

Venom FUD Crypter.exe

windows10-2004-x64

Sharing

General

Target

Venom FUD Crypter.exe
Size

33.1MB
Sample

250225-ax825ayly5
MD5

4d8f0e9b1be60a67a948c0a39963c394
SHA1

3fbc962b919806f6fc9022c15638b34eb001ad04
SHA256

616835a3491009a64fc5b13a8ab3f41b7c3cb1e438d783e2a8577286d6df9070
SHA512

ff6a7867bc9fae22225e5a836366fd0e9cd380d48af06c1bca9527fc3aa4e526e55a1e5b8f83a2ba6ab9a030696cbb9d1b22980ec19a5176d7ede569a2c23e07
SSDEEP

786432:qy8V6BYm8YUUWsiDPg50CfZgQukXL5xYU3s0EhHbjxHklu:3NBYEUUWFI5Tf2nEPfEhH/Neu

Score

10^/10

asyncrat darkvision xenorat github discovery execution rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Venom FUD Crypter.exe

Resource

win10v2004-20250217-en

asyncrat darkvision xenorat github discovery execution rat trojan

windows10-2004-x64

23 signatures

600 seconds

Malware Config

Extracted

Family

xenorat

C2

domain13.ddns.net

Attributes

delay
5000
install_path
temp
port
1024
startup_name
svchost.exe

Extracted

Family

asyncrat

Version

1.0.7

Botnet

GitHub

C2

127.0.0.1:10000

127.0.0.1:650

domain13.ddns.net:10000

domain13.ddns.net:650

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%Temp%

aes.plain

Extracted

Family

darkvision

C2

https://noratek.helioho.st/upload.php

domain13.ddns.net

Targets

- Target
  
  Venom FUD Crypter.exe
- Size
  
  33.1MB
- MD5
  
  4d8f0e9b1be60a67a948c0a39963c394
- SHA1
  
  3fbc962b919806f6fc9022c15638b34eb001ad04
- SHA256
  
  616835a3491009a64fc5b13a8ab3f41b7c3cb1e438d783e2a8577286d6df9070
- SHA512
  
  ff6a7867bc9fae22225e5a836366fd0e9cd380d48af06c1bca9527fc3aa4e526e55a1e5b8f83a2ba6ab9a030696cbb9d1b22980ec19a5176d7ede569a2c23e07
- SSDEEP
  
  786432:qy8V6BYm8YUUWsiDPg50CfZgQukXL5xYU3s0EhHbjxHklu:3NBYEUUWFI5Tf2nEPfEhH/Neu
Score

10^/10

asyncrat darkvision xenorat github discovery execution rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdarkvisionxenoratgithubdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy