asyncrat | 2437709b8e2f53f242849d6b45ebabd03226ee70d508926746989c368ffc3df7 | Triage

Sharing

General

Target

windows_shellcode_loader.exe
Size

1.8MB
Sample

250412-yyq5pszqt8
MD5

880a88bc4d6883b288e9fe5991396afc
SHA1

f448f7266c97e98fb8fdfa90d33ad775ee8ac3cc
SHA256

2437709b8e2f53f242849d6b45ebabd03226ee70d508926746989c368ffc3df7
SHA512

16d4014a54a416785fe2d784370a839c4fd56c6bc394f68edea3dc02b9e9bf0891f4f4a286ce874de1e41262a7debdd15ddf3b05d146851c083ac5f2a7bd0a44
SSDEEP

49152:a2LkiBtAvvAEF5+sFrguhJ2B+qVIUZKrhpE94IU6i:eFjODFH+

Score

10^/10

asyncrat venomrat default rat

Malware Config

Extracted

Family

asyncrat

Version

L838 RAT v1.0.0

Botnet

Default

Mutex

sfsafqagbiv

Attributes

delay
1
install
true
install_file
Runtime Broker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/rVJQPNVe

aes.plain

Targets

- Target
  
  windows_shellcode_loader.exe
- Size
  
  1.8MB
- MD5
  
  880a88bc4d6883b288e9fe5991396afc
- SHA1
  
  f448f7266c97e98fb8fdfa90d33ad775ee8ac3cc
- SHA256
  
  2437709b8e2f53f242849d6b45ebabd03226ee70d508926746989c368ffc3df7
- SHA512
  
  16d4014a54a416785fe2d784370a839c4fd56c6bc394f68edea3dc02b9e9bf0891f4f4a286ce874de1e41262a7debdd15ddf3b05d146851c083ac5f2a7bd0a44
- SSDEEP
  
  49152:a2LkiBtAvvAEF5+sFrguhJ2B+qVIUZKrhpE94IU6i:eFjODFH+
Score

10^/10

asyncrat venomrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvenomratdefaultrat