asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

0d5673f533f07a31d3942d8430f717eee529ac7476b855edb4b3ef793eb8d283
Size

1.8MB
Sample

250307-gbmqbsvvbz
MD5

225a7d69c0886a3795a54273bb15e9ba
SHA1

fbe30a8c335a024ae9610e4247794d4556a7e4b2
SHA256

0d5673f533f07a31d3942d8430f717eee529ac7476b855edb4b3ef793eb8d283
SHA512

92aba58f21f0a03011eb44d4a0fef399bf2aa9cbf5ab4b80b9726fe73616f506d809b59e53b59f295383136a738dc0a011bbc83b64fd334df479d6f844d281fe
SSDEEP

24576:0JyVC+EDSGigY2B7FbeiC59HFeeeqPmTMLC9la5mPCg5XEwDCL36hEANDISl8UJu:+SGio3eiC55FWMROC7wDCORZdJt0ulu

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 27 LOGS

Mutex

dwjsrlleihmlidl

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/i3NzmwEg

aes.plain

Targets

- Target
  
  DHL-INVOICE_10094519030720250009.vbs
- Size
  
  98KB
- MD5
  
  540e4bf8702b547df9e3868c10ac3af5
- SHA1
  
  e0e0ff304f3b373b285dc405f3eb44f03c2b989e
- SHA256
  
  de17c28e65d85e092109368925d9e27f51cb79c01cf4526011cfec863462e1af
- SHA512
  
  cbba98c3aa544380167e1a39d6232187c215a2432009666ad04db0d4fccba6c5f3dfc8d797b9916ab0fb4dcad149e54b899d00eb1268e99d442c34ce6e9d54a6
- SSDEEP
  
  3072:SMEJk61R5X/jMrkaQlPYvEIX3eUfiRwle2TfjH:p8/RaQ9wrXuUfi2TfjH
Score

10^/10

discovery execution asyncrat venomrat feb 27 logs rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Damage product 1.vbs
- Size
  
  98KB
- MD5
  
  540e4bf8702b547df9e3868c10ac3af5
- SHA1
  
  e0e0ff304f3b373b285dc405f3eb44f03c2b989e
- SHA256
  
  de17c28e65d85e092109368925d9e27f51cb79c01cf4526011cfec863462e1af
- SHA512
  
  cbba98c3aa544380167e1a39d6232187c215a2432009666ad04db0d4fccba6c5f3dfc8d797b9916ab0fb4dcad149e54b899d00eb1268e99d442c34ce6e9d54a6
- SSDEEP
  
  3072:SMEJk61R5X/jMrkaQlPYvEIX3eUfiRwle2TfjH:p8/RaQ9wrXuUfi2TfjH
Score

10^/10

discovery execution asyncrat venomrat feb 27 logs rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Damage product 2.vbs
- Size
  
  98KB
- MD5
  
  540e4bf8702b547df9e3868c10ac3af5
- SHA1
  
  e0e0ff304f3b373b285dc405f3eb44f03c2b989e
- SHA256
  
  de17c28e65d85e092109368925d9e27f51cb79c01cf4526011cfec863462e1af
- SHA512
  
  cbba98c3aa544380167e1a39d6232187c215a2432009666ad04db0d4fccba6c5f3dfc8d797b9916ab0fb4dcad149e54b899d00eb1268e99d442c34ce6e9d54a6
- SSDEEP
  
  3072:SMEJk61R5X/jMrkaQlPYvEIX3eUfiRwle2TfjH:p8/RaQ9wrXuUfi2TfjH
Score

10^/10

discovery execution asyncrat venomrat feb 27 logs rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  Damage product 3.vbs
- Size
  
  98KB
- MD5
  
  540e4bf8702b547df9e3868c10ac3af5
- SHA1
  
  e0e0ff304f3b373b285dc405f3eb44f03c2b989e
- SHA256
  
  de17c28e65d85e092109368925d9e27f51cb79c01cf4526011cfec863462e1af
- SHA512
  
  cbba98c3aa544380167e1a39d6232187c215a2432009666ad04db0d4fccba6c5f3dfc8d797b9916ab0fb4dcad149e54b899d00eb1268e99d442c34ce6e9d54a6
- SSDEEP
  
  3072:SMEJk61R5X/jMrkaQlPYvEIX3eUfiRwle2TfjH:p8/RaQ9wrXuUfi2TfjH
Score

10^/10

discovery execution asyncrat venomrat feb 27 logs rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

VenomRAT

Venomrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Legitimate hosting services abused for malware hosting/C2

AsyncRat

Asyncrat family

VenomRAT

Venomrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Legitimate hosting services abused for malware hosting/C2

AsyncRat

Asyncrat family

VenomRAT

Venomrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Legitimate hosting services abused for malware hosting/C2

AsyncRat

Asyncrat family

VenomRAT

Venomrat family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8