asyncrat | 2f7c4001b496b4bb53c75014f83a55bb7cdf06254806f5cd4591c5af4e146de7 | Triage

Sharing

General

Target

2f7c4001b496b4bb53c75014f83a55bb7cdf06254806f5cd4591c5af4e146de7.zip
Size

1.0MB
Sample

250311-c4289sytgy
MD5

f2c1255d497c70eb3a70597d5067e15f
SHA1

61ac6c7f1ef461c7fac97ba8c9279516d058d645
SHA256

2f7c4001b496b4bb53c75014f83a55bb7cdf06254806f5cd4591c5af4e146de7
SHA512

52687880bd40434016ccf3517cf141d16944415086cba119b0a647f1068ee44b51540e74e3d8864e74d74a4aeb245f07f9122872a49d064903c92a4863dea14c
SSDEEP

24576:YAkK+owDc5adDtg0W6H8tDPq5hmLQF9Ijr3WVsUaiacDJ:nHbwDcctdn8tDPq5cLishviacDJ

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

204.10.161.147:4955

Mutex

mzsualcjlq

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RFQ_PO_783B65/RFQ-PO783B65.bat
- Size
  
  45B
- MD5
  
  c15f0bc7c754ae5cc5f09d4a646232a5
- SHA1
  
  3463cfed84c507ea4839793db9a19b79d9218632
- SHA256
  
  1d25f7af62786393a933913bcbd4e0412b7261817ecea3aeb60e2294adaece9d
- SHA512
  
  bf5c3da788c3807d8be313765f12671cc67bac797214d7a18ab1570c6fbcbb4a8536ec169633329d51d22b087692ebfed45fd8565277a4c26df656ab6e9e43f0
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  RFQ_PO_783B65/RFQ-PO783B65.png
- Size
  
  1.1MB
- MD5
  
  c655f74a0a364d39ca8c4c7f46647a15
- SHA1
  
  04fa23d7ff51f5b503c991f7d9ff0d4c919b89b0
- SHA256
  
  6ff96de44e65161cfb8afd5e46e30b4940be0187b0c5422ff270f4e5adfb60a7
- SHA512
  
  120b10adc8b83feeaf26663f954ecba4e06dd6a3100f1d0405e5c054f62441ea9ad92015a296e9d56f9a295b11dbb54e5bcfddd26958a0dcc1633126c2f9a09e
- SSDEEP
  
  24576:mKyowlc5WdDtWmW6/2t1tm5JcL8FPujl3mV0UKAaL:93wlcctTf2t1tm56LG4LFAa
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

behavioral3

behavioral4

asyncratdefaultdiscoveryrat