asyncrat | cd08f5915f23b038be7cfaf48573baf25b697a194c4571869e1a47a7d77349d6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

PO43346217032025.bat

windows7-x64

8

PO43346217032025.bat

windows10-2004-x64

Sharing

General

Target

PO43346217032025.bat
Size

303KB
Sample

250318-sq683aynt3
MD5

de704a10eb94139d83d1268c9cb95a72
SHA1

455d0bf80736319586ef6ed809d7eb0fc0a7783f
SHA256

cd08f5915f23b038be7cfaf48573baf25b697a194c4571869e1a47a7d77349d6
SHA512

c3c6f86d951526583f2ad9a0fc7fefe110d840d358d15f5db700469bfce394628990fc1edbfb7ac7f5858f99d47d574b83a444f21bb709723ab25fa49d4cadec
SSDEEP

6144:EJ9zDX9Ly24XnDM0s1wGnogdblMJBbHfip:EjfQ2AGwGolzHfip

Score

10^/10

asyncrat venomrat feb 27 logs discovery execution rat

Static task

static1

Behavioral task

behavioral1

Sample

PO43346217032025.bat

Resource

win7-20240903-en

discovery execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO43346217032025.bat

Resource

win10v2004-20250313-en

asyncrat venomrat feb 27 logs discovery execution rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 27 LOGS

Mutex

dwjsrlleihmlidl

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/i3NzmwEg

aes.plain

Targets

- Target
  
  PO43346217032025.bat
- Size
  
  303KB
- MD5
  
  de704a10eb94139d83d1268c9cb95a72
- SHA1
  
  455d0bf80736319586ef6ed809d7eb0fc0a7783f
- SHA256
  
  cd08f5915f23b038be7cfaf48573baf25b697a194c4571869e1a47a7d77349d6
- SHA512
  
  c3c6f86d951526583f2ad9a0fc7fefe110d840d358d15f5db700469bfce394628990fc1edbfb7ac7f5858f99d47d574b83a444f21bb709723ab25fa49d4cadec
- SSDEEP
  
  6144:EJ9zDX9Ly24XnDM0s1wGnogdblMJBbHfip:EjfQ2AGwGolzHfip
Score

10^/10

discovery execution asyncrat venomrat feb 27 logs rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratvenomratfeb 27 logsdiscoveryexecutionrat

© 2018-2025

Terms | Privacy