asyncrat | ebc030bff7ec422a31186bf835b34a78923f47d780e6e7fc67b26b9a1bad611e | Triage

Sharing

General

Target

shellcode_loader.exe
Size

1.8MB
Sample

250412-1zgzjasvct
MD5

7d850bc7e19509f4dfe8e7965177a7f8
SHA1

c224ed1020eb582724c5b2fd06d9e9cf28fecb11
SHA256

ebc030bff7ec422a31186bf835b34a78923f47d780e6e7fc67b26b9a1bad611e
SHA512

100e6520d758b1f7854f70b38b40139de56ef16bfaab6241ba999e50332cce9d37a2a6aed1081fcbc53bb71fa62e97d17a776fc144cdbf025e85ce486533478c
SSDEEP

49152:9wl2T3SBOs3++1zZTFIfST7GIcaQ69H18+++L4IU6i4o:x0FUgH42H+4o

Score

10^/10

asyncrat venomrat default rat

Malware Config

Extracted

Family

asyncrat

Version

L838 RAT v1.0.0

Botnet

Default

Mutex

sfsafqagbiv

Attributes

delay
1
install
true
install_file
Runtime Broker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/rVJQPNVe

aes.plain

Targets

- Target
  
  shellcode_loader.exe
- Size
  
  1.8MB
- MD5
  
  7d850bc7e19509f4dfe8e7965177a7f8
- SHA1
  
  c224ed1020eb582724c5b2fd06d9e9cf28fecb11
- SHA256
  
  ebc030bff7ec422a31186bf835b34a78923f47d780e6e7fc67b26b9a1bad611e
- SHA512
  
  100e6520d758b1f7854f70b38b40139de56ef16bfaab6241ba999e50332cce9d37a2a6aed1081fcbc53bb71fa62e97d17a776fc144cdbf025e85ce486533478c
- SSDEEP
  
  49152:9wl2T3SBOs3++1zZTFIfST7GIcaQ69H18+++L4IU6i4o:x0FUgH42H+4o
Score

10^/10

asyncrat venomrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratdefaultrat