asyncrat | 8d6d2b6338036d5e8412d93debee2acff5d6e8dfce90971fb75fd76df68bb66c | Triage

Sharing

General

Target

PO43346213032025.zip
Size

1.8MB
Sample

250314-xmqt5azqs3
MD5

ce249e807e095c0eae8625e0665ec02a
SHA1

d6397974a8cf40ec63886323c96e4eaf61e819cb
SHA256

8d6d2b6338036d5e8412d93debee2acff5d6e8dfce90971fb75fd76df68bb66c
SHA512

d9aa3bcc57901a000ec3ae3261ed370ab2831f477694941510e9e1a479ff4604afbc2a9ecdb3714fad7e22047789d90889fe3ba9755cbdd22f2ef0e2492334d1
SSDEEP

49152:h5J418g0VF5Twy0NdmOWBgO1BCHpXnRdLhMLeI9jp:j61c53AYOWlfSpXnfC9N

Score

10^/10

asyncrat venomrat feb 27 logs discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 27 LOGS

Mutex

dwjsrlleihmlidl

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/i3NzmwEg

aes.plain

Targets

- Target
  
  PO43346213032025.bat
- Size
  
  88KB
- MD5
  
  b715af6823bfb159c958c165147d7eda
- SHA1
  
  91daf2240fa69c26a0ec4b7d73702d28437548a3
- SHA256
  
  83df3ede16eebe226c879150dc8dd6d451ba5d27bed8b6bac4f52dd63eee849f
- SHA512
  
  c884d91d41a9ce24fd61a8fcb9c1edf80d1b18702eceb24e5aa345e8d18257f3065a854ec264edc0ce0ee4f351fe3540e3704c5efc799a9217365e6cf2a16248
- SSDEEP
  
  1536:rNkrxoOIFQJQNJsBW4P/LGEcZJyXRNcMtYtgsudkaBZ1INS/Z66ZkbmEKUgXEXzH:rNkVYFQYJ2P/LfcWjYWsulhTZ6DHff
Score

10^/10

discovery execution asyncrat venomrat feb 27 logs rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratvenomratfeb 27 logsdiscoveryexecutionrat