asyncrat | 25babc8d9be2e6cc3cdd408fac70bea0d9c3f0c3480945d3bcb374c88b6f82c1 | Triage

Submit
Reports

Overview

overview

Static

static

f635d6dbb8...b0.exe

windows7_x64

f635d6dbb8...b0.exe

windows10_x64

3

Sharing

General

Target

f635d6dbb86f7d946250514c9ccb7db0.exe
Size

256KB
Sample

200709-a2332kptae
MD5

f635d6dbb86f7d946250514c9ccb7db0
SHA1

f11402b0dba9a9c81399c2f557b11deac2620c55
SHA256

25babc8d9be2e6cc3cdd408fac70bea0d9c3f0c3480945d3bcb374c88b6f82c1
SHA512

e02ba39e68acd88724acda61ac1feb501a0d070022c22863e7dd2fa2dc160a15d56e302a5ad1ad200d70091098d764c542cdf88d88d917d5f988ae36d80d9d9c

Score

10^/10

asyncrat quasar evasion persistence rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

f635d6dbb86f7d946250514c9ccb7db0.exe

Resource

win7

asyncrat quasar evasion persistence rat spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f635d6dbb86f7d946250514c9ccb7db0.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

null:null

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
EfA8oEwdphb1PRVOxTe3AN4wESj6UjIj
anti_detection
false
autorun
true
bdos
false
delay
CORONA
host
null
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
https://pastebin.com/raw/KVXdCZYr
port
null
version
0.5.7B

aes.plain

Targets

- Target
  
  f635d6dbb86f7d946250514c9ccb7db0.exe
- Size
  
  256KB
- MD5
  
  f635d6dbb86f7d946250514c9ccb7db0
- SHA1
  
  f11402b0dba9a9c81399c2f557b11deac2620c55
- SHA256
  
  25babc8d9be2e6cc3cdd408fac70bea0d9c3f0c3480945d3bcb374c88b6f82c1
- SHA512
  
  e02ba39e68acd88724acda61ac1feb501a0d070022c22863e7dd2fa2dc160a15d56e302a5ad1ad200d70091098d764c542cdf88d88d917d5f988ae36d80d9d9c
Score

10^/10

asyncrat quasar evasion persistence rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarevasionpersistenceratspywaretrojan

behavioral2

© 2018-2024

Terms | Privacy