asyncrat | 35dd1e24b5d7024c28d728aa28146f910c0b9832b5dff75ce5e972b5a6f414c5 | Triage

Submit
Reports

Overview

overview

Static

static

VenomRAT v...er.exe

windows7-x64

VenomRAT v...er.exe

windows10-2004-x64

Resubmissions

15-04-2024 15:53

240415-tbwpfsce4y 10

23-03-2024 00:57

240323-ba892sbc56 10

Sharing

General

Target

35dd1e24b5d7024c28d728aa28146f910c0b9832b5dff75ce5e972b5a6f414c5
Size

89.0MB
Sample

240415-twdpdaag85
MD5

d49a8b14617c5ae85d30f166275a3ddc
SHA1

92be272e8a6d9e8cc1d2384c3c9f1dbc564a71cb
SHA256

35dd1e24b5d7024c28d728aa28146f910c0b9832b5dff75ce5e972b5a6f414c5
SHA512

5e3ba3689b3017f1349dc0143b889684fd9c8d329d0bbad73e3ba36256e0bb11886ebe85379e38941ec57268353855eb9f0bdce6928a9ea30562b5b0d81db7e9
SSDEEP

1572864:9VI5gzIB1whtqmF8o4hdboY/y6/twvY17cI1Cb6O5GToZhvacXrZdVCyt:DIeILotq7hJoY/p/x17TCeO5GIF1dVCw

Score

10^/10

asyncrat quasar stormkitty default v3.0.0 | venom defense_evasion execution rat spyware trojan

Static task

static1

rat default asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

VenomRAT v6.0.3/Venom RAT + HVNC + Stealer + Grabber.exe

Resource

win7-20240221-en

asyncrat execution rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

VenomRAT v6.0.3/Venom RAT + HVNC + Stealer + Grabber.exe

Resource

win10v2004-20240611-en

asyncrat quasar v3.0.0 | venom defense_evasion execution rat spyware trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

95.216.52.21:7575

Mutex

xdnqiaxygefjfoolgo

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v3.0.0 | Venom

C2

134.255.254.225:5050

buy-positioning.at.ply.gg:58563

buy-positioning.at.ply.gg:5050

Mutex

90bea261-2bc5-4336-a086-718cd0ea9335

Attributes

encryption_key
4A61C133F5AD65F90240BF44872C676E824A6CA7
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
1000

Targets

- Target
  
  VenomRAT v6.0.3/Venom RAT + HVNC + Stealer + Grabber.exe
- Size
  
  26.1MB
- MD5
  
  a8776c9984c7b6c4f18bf0505ca939b5
- SHA1
  
  e23a41b6f03f11d3b6a64d5645fa102f373bd292
- SHA256
  
  5dbb0f9df5fc34b49f0e284afe9037206c29dd8e50f0adbbcca785dcca89592e
- SHA512
  
  9ebb8d42d1649cb2b3e97bd703d5daa4b1a87f21949c279335f5b0ee834ef185be473e23f82f0562a0f22c1e54675259113c6555976aee5b5def2087b34a8398
- SSDEEP
  
  786432:/h9/AxUNfm9O7HYazcKB9rZsiqS+r+/hGykCCU1:/h9YxUNpTYGRQGhGykCC
Score

10^/10

asyncrat execution rat quasar v3.0.0 | venom defense_evasion spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Safe Mode Boot

Hide Artifacts

Hidden Window

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncratstormkitty

behavioral1

asyncratexecutionrat

behavioral2

asyncratquasarv3.0.0 | venomdefense_evasionexecutionratspywaretrojan

© 2018-2024

Terms | Privacy