asyncrat | 66e1df37517d3363193b4a7adde2326877bc327c27bed5b2f7df5150346c2e25 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Client.exe

windows7-x64

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

74KB
Sample

250309-rcmrtssvex
MD5

4e2acf8511bdcd56d450a268402b1ae5
SHA1

c9ffe8dd722fdc7611b3bfc45c327e0a051fbae4
SHA256

66e1df37517d3363193b4a7adde2326877bc327c27bed5b2f7df5150346c2e25
SHA512

3dc322b8c2af84db309158198098a15a8cf9e5bc98c1c7da2dae2aad3b3a2ce434bc1edb4008707b8f5980e2978cc938f731d89043d456e7d59e5befdcd8ffdd
SSDEEP

1536:rU5ccx4y3lCl6PMVOe9VdQuDI6H1bf/eluQzcfjVclN:rU6cx4yVy6PMVOe9VdQsH1bfWluQqJY

Score

10^/10

asyncrat venomrat default rat

Static task

static1

rat default asyncrat venomrat

5 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win7-20240729-en

asyncrat venomrat default rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client.exe

Resource

win10v2004-20250217-en

asyncrat venomrat default rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:4448

103.83.164.33:4449

103.83.164.33:4448

192.168.126.128:4449

192.168.126.128:4448

Mutex

iyziqtacatvjvjj

Attributes

delay
1
install
true
install_file
hello.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  74KB
- MD5
  
  4e2acf8511bdcd56d450a268402b1ae5
- SHA1
  
  c9ffe8dd722fdc7611b3bfc45c327e0a051fbae4
- SHA256
  
  66e1df37517d3363193b4a7adde2326877bc327c27bed5b2f7df5150346c2e25
- SHA512
  
  3dc322b8c2af84db309158198098a15a8cf9e5bc98c1c7da2dae2aad3b3a2ce434bc1edb4008707b8f5980e2978cc938f731d89043d456e7d59e5befdcd8ffdd
- SSDEEP
  
  1536:rU5ccx4y3lCl6PMVOe9VdQuDI6H1bf/eluQzcfjVclN:rU6cx4yVy6PMVOe9VdQsH1bfWluQqJY
Score

10^/10

asyncrat venomrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncratvenomrat

behavioral1

asyncratvenomratdefaultrat

behavioral2

asyncratvenomratdefaultrat

© 2018-2025

Terms | Privacy