asyncrat | bb4be945dc877db16d2e377d95b6f6ef09511704f87d7e42eb65079db9cf5bbd | Triage

Sharing

General

Target

windows_shellcode_loader.exe
Size

1.9MB
Sample

250412-yma94szpv5
MD5

71eb0dacf8cc3a5f28f97a3118617ba3
SHA1

a44ec48144e6324efb253ae1df0308fbb245ab3c
SHA256

bb4be945dc877db16d2e377d95b6f6ef09511704f87d7e42eb65079db9cf5bbd
SHA512

a370fd93672b41e2c3d45735709da921702d2c16a2124c2e6d3635a1848b63c69d6d164f681f69460b004496bb655ffc8a68e68162a8e4655611e2af87f761c0
SSDEEP

49152:MiIOBlFN+jcg72yasRc6lBH1KroUbRZPAi4IU6ibV:AagiypuuQb8iH+bV

Score

10^/10

asyncrat venomrat default rat

Malware Config

Extracted

Family

asyncrat

Version

L838 RAT v1.0.0

Botnet

Default

Mutex

sfsafqagbiv

Attributes

delay
1
install
true
install_file
Runtime Broker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/rVJQPNVe

aes.plain

Targets

- Target
  
  windows_shellcode_loader.exe
- Size
  
  1.9MB
- MD5
  
  71eb0dacf8cc3a5f28f97a3118617ba3
- SHA1
  
  a44ec48144e6324efb253ae1df0308fbb245ab3c
- SHA256
  
  bb4be945dc877db16d2e377d95b6f6ef09511704f87d7e42eb65079db9cf5bbd
- SHA512
  
  a370fd93672b41e2c3d45735709da921702d2c16a2124c2e6d3635a1848b63c69d6d164f681f69460b004496bb655ffc8a68e68162a8e4655611e2af87f761c0
- SSDEEP
  
  49152:MiIOBlFN+jcg72yasRc6lBH1KroUbRZPAi4IU6ibV:AagiypuuQb8iH+bV
Score

10^/10

asyncrat venomrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratdefaultrat