asyncrat | 5d12f3d6b8c0418215b29ad3afb0a3448966a6eaeb02dca2e89d6bff5d8e2570 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

Document25.xlsm

windows7-x64

Document25.xlsm

windows10-2004-x64

Sharing

General

Target

Document25.xlsm
Size

36KB
Sample

250313-lrtk2asl13
MD5

7ac07195f03358c51fbb2e422a8b5452
SHA1

a4e0c6f0797f655c26d920cf8474e21815435455
SHA256

5d12f3d6b8c0418215b29ad3afb0a3448966a6eaeb02dca2e89d6bff5d8e2570
SHA512

2d34931e2ada796342d351de141ccfa8fae75192918fe5be3224d222a891bab957f64a9b1e16219db8d17fc8d761b29b1788937b777205c95abcf5830ab66ae0
SSDEEP

768:hETn4o5bHOKYdjaALFIOldjZ7aN9QnIpdCEuEC2t:hETNbBALFtldZ7aD5D79

Score

10^/10

asyncrat stormkitty venomrat default discovery execution macro persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Document25.xlsm

Resource

win7-20240903-en

asyncrat venomrat default discovery execution persistence rat

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Document25.xlsm

Resource

win10v2004-20250217-en

asyncrat stormkitty venomrat default discovery execution persistence rat stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

176.65.142.74:4449

176.65.142.74:4448

Mutex

daqyvsbasipyrpcr

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Document25.xlsm
- Size
  
  36KB
- MD5
  
  7ac07195f03358c51fbb2e422a8b5452
- SHA1
  
  a4e0c6f0797f655c26d920cf8474e21815435455
- SHA256
  
  5d12f3d6b8c0418215b29ad3afb0a3448966a6eaeb02dca2e89d6bff5d8e2570
- SHA512
  
  2d34931e2ada796342d351de141ccfa8fae75192918fe5be3224d222a891bab957f64a9b1e16219db8d17fc8d761b29b1788937b777205c95abcf5830ab66ae0
- SSDEEP
  
  768:hETn4o5bHOKYdjaALFIOldjZ7aN9QnIpdCEuEC2t:hETNbBALFtldZ7aD5D79
Score

10^/10

asyncrat venomrat default discovery execution persistence rat stormkitty stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratdefaultdiscoveryexecutionpersistencerat

behavioral2

asyncratstormkittyvenomratdefaultdiscoveryexecutionpersistenceratstealer

© 2018-2025

Terms | Privacy