asyncrat | f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e | Triage

Submit
Reports

Overview

overview

Static

static

7

f5f107be25...7e.exe

windows7-x64

f5f107be25...7e.exe

windows10-2004-x64

Sharing

General

Target

f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e
Size

3.4MB
Sample

250329-ymbkwaxsdt
MD5

3761617c93f8dbe25b4dd01064d12a59
SHA1

0ae8278cc4a94c95db2a17f9dcf31a358e2601b2
SHA256

f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e
SHA512

163896e7841f3f4a3db0b432b7af270b2a8642ddd2857d8e44509a55a4fd2f5b7522d2f7084c92c209da375096476f86a1b770e129c528421658725f6bfaa3b6
SSDEEP

98304:x7Cz7SPhCNQl2ZolSQYwLjyy4fub0/rmPXqGR4YyN:xwMCNQeol+w/yy4fug/edny

Score

10^/10

asyncrat test5 defense_evasion discovery rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e.exe

Resource

win7-20240903-en

asyncrat test5 defense_evasion discovery rat themida trojan

windows7-x64

10 signatures

60 seconds

Behavioral task

behavioral2

Sample

f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e.exe

Resource

win10v2004-20250314-en

asyncrat test5 defense_evasion discovery rat themida trojan

windows10-2004-x64

11 signatures

60 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

test5

C2

92.213.96.141:3389

Mutex

vmtestingdrei

Attributes

delay
11
install
true
install_file
COM Surrogate.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e
- Size
  
  3.4MB
- MD5
  
  3761617c93f8dbe25b4dd01064d12a59
- SHA1
  
  0ae8278cc4a94c95db2a17f9dcf31a358e2601b2
- SHA256
  
  f5f107be259fa9f45092665ed2c4e11183d3a64c484b0d0ea4675c85f6eae87e
- SHA512
  
  163896e7841f3f4a3db0b432b7af270b2a8642ddd2857d8e44509a55a4fd2f5b7522d2f7084c92c209da375096476f86a1b770e129c528421658725f6bfaa3b6
- SSDEEP
  
  98304:x7Cz7SPhCNQl2ZolSQYwLjyy4fub0/rmPXqGR4YyN:xwMCNQeol+w/yy4fug/edny
Score

10^/10

asyncrat test5 defense_evasion discovery rat themida trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrattest5defense_evasiondiscoveryratthemidatrojan

behavioral2

asyncrattest5defense_evasiondiscoveryratthemidatrojan

© 2018-2025

Terms | Privacy