asyncrat | 50a1656f6cca2b5a9810f6a70352cf56d5ab156e80752a68f49e968460a634b1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

1337.exe

windows7-x64

1337.exe

windows10-2004-x64

Sharing

General

Target

1337.exe
Size

24.3MB
Sample

250308-wflq6azygt
MD5

124d9ebd081fe16de958304349b59316
SHA1

e2770e0cd44041e9ce91e77da2c7f56d04654ef3
SHA256

50a1656f6cca2b5a9810f6a70352cf56d5ab156e80752a68f49e968460a634b1
SHA512

49fcf668108b7b472bdec5261125c14e3e24251eb6b906b3bca4bf87a6333e7c1e6aec62c40a11ab975c5e4d3c750ca55cf5ef093a8f5ce7aaa70b477ab9ea9e
SSDEEP

393216:QvKOA+h/KlqTs0jCaQBdzqLx0HQkGN3zFlfje6f4gXBNobFF6V44uS4SbO:Qi5+h/Kl3MVy9GxGGNjbP4g3oMV4E41

Score

10^/10

asyncrat venomrat inc defense_evasion rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1337.exe

Resource

win7-20240729-en

asyncrat venomrat inc defense_evasion rat

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

1337.exe

Resource

win10v2004-20250217-en

asyncrat venomrat inc defense_evasion rat

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

INC

Mutex

lwosqqqkziedfsbxxgh

Attributes

c2_url_file
https://paste.ee/r/SvRLFmbW/0
delay
1
install
true
install_file
System.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1337.exe
- Size
  
  24.3MB
- MD5
  
  124d9ebd081fe16de958304349b59316
- SHA1
  
  e2770e0cd44041e9ce91e77da2c7f56d04654ef3
- SHA256
  
  50a1656f6cca2b5a9810f6a70352cf56d5ab156e80752a68f49e968460a634b1
- SHA512
  
  49fcf668108b7b472bdec5261125c14e3e24251eb6b906b3bca4bf87a6333e7c1e6aec62c40a11ab975c5e4d3c750ca55cf5ef093a8f5ce7aaa70b477ab9ea9e
- SSDEEP
  
  393216:QvKOA+h/KlqTs0jCaQBdzqLx0HQkGN3zFlfje6f4gXBNobFF6V44uS4SbO:Qi5+h/Kl3MVy9GxGGNjbP4g3oMV4E41
Score

10^/10

asyncrat venomrat inc defense_evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratincdefense_evasionrat

behavioral2

asyncratvenomratincdefense_evasionrat

© 2018-2025

Terms | Privacy