asyncrat | 1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374 | Triage

Submit
Reports

Overview

overview

Static

static

1379e10d0f...74.exe

windows7-x64

1379e10d0f...74.exe

windows10-2004-x64

Sharing

General

Target

1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
Size

73KB
Sample

240630-xlt56awcrk
MD5

af90f03a23c6af39ca50fc618b066c2b
SHA1

955cf4e596dd113ea97d8bd234e09cc4a4584ad9
SHA256

1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
SHA512

15f383e541c3bc9c2143adda1dbfad2ca2114264a2a05d623404a8439567bd33a59136833976b4bdbebf4b0b012af39bc136b74b9ac187a3b4d9ec083e1df5ff
SSDEEP

1536:oUYccx4y3lCl6PMVp7TNyIB21bl/5OdxQzc33VclN:oUlcx4yVy6PMVp7Bl21blCQSlY

Score

10^/10

asyncrat default discovery rat

Static task

static1

default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374.exe

Resource

win7-20240611-en

asyncrat default discovery rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374.exe

Resource

win10v2004-20240226-en

asyncrat default discovery rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

147.185.221.20:46193

Mutex

tesargwffegsrgdrtgr5eg4re5gy756u6j7

Attributes

delay
1
install
true
install_file
12345.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
- Size
  
  73KB
- MD5
  
  af90f03a23c6af39ca50fc618b066c2b
- SHA1
  
  955cf4e596dd113ea97d8bd234e09cc4a4584ad9
- SHA256
  
  1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
- SHA512
  
  15f383e541c3bc9c2143adda1dbfad2ca2114264a2a05d623404a8439567bd33a59136833976b4bdbebf4b0b012af39bc136b74b9ac187a3b4d9ec083e1df5ff
- SSDEEP
  
  1536:oUYccx4y3lCl6PMVp7TNyIB21bl/5OdxQzc33VclN:oUlcx4yVy6PMVp7Bl21blCQSlY
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detects executables attemping to enumerate video devices using WMI
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

defaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

© 2018-2024

Terms | Privacy