asyncrat | b86a0eaa31ac1716902429c6bbef6b21ee987e667da7b236200b0199db69b837 | Triage

Submit
Reports

Overview

overview

Static

static

3

WaveInstaller (1).exe

windows7-x64

WaveInstaller (1).exe

windows10-2004-x64

Sharing

General

Target

WaveInstaller (1).exe
Size

1.6MB
Sample

240705-r36mmasfqc
MD5

00799dbcc9576bd4e72bef9700f27c1a
SHA1

775d737e89f7a03209e383f3f3cb4fc1176865fe
SHA256

b86a0eaa31ac1716902429c6bbef6b21ee987e667da7b236200b0199db69b837
SHA512

ebef9a957a4c6e697e77ab01db5b45491a35cf5222bf332a7f7ee948783aaa0f96af7b627ba47bcfc193d3988a77a8d093379558aa0fa2556966ce84b1b54f9b
SSDEEP

24576:2kxTd6WYLGJOgDLPgOAVG/v9l3bP0urOvGwaNmIfKG5xL/dEuvS:XciOgPPgOGG/vT7rrUGwaUIiG5lFS

Score

10^/10

asyncrat default discovery execution rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

WaveInstaller (1).exe

Resource

win7-20240705-en

asyncrat default discovery execution rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

WaveInstaller (1).exe

Resource

win10v2004-20240508-en

asyncrat default execution rat

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

excrnlqzxfdl

Attributes

delay
1
install
true
install_file
Registry.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/w5QC7zcd

aes.plain

Targets

- Target
  
  WaveInstaller (1).exe
- Size
  
  1.6MB
- MD5
  
  00799dbcc9576bd4e72bef9700f27c1a
- SHA1
  
  775d737e89f7a03209e383f3f3cb4fc1176865fe
- SHA256
  
  b86a0eaa31ac1716902429c6bbef6b21ee987e667da7b236200b0199db69b837
- SHA512
  
  ebef9a957a4c6e697e77ab01db5b45491a35cf5222bf332a7f7ee948783aaa0f96af7b627ba47bcfc193d3988a77a8d093379558aa0fa2556966ce84b1b54f9b
- SSDEEP
  
  24576:2kxTd6WYLGJOgDLPgOAVG/v9l3bP0urOvGwaNmIfKG5xL/dEuvS:XciOgPPgOGG/vT7rrUGwaUIiG5lFS
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultexecutionrat

© 2018-2024

Terms | Privacy