asyncrat | b264479fe94356b7722736ac60566c2430e635023933fca1834d6e0bce604449 | Triage

Submit
Reports

Overview

overview

Static

static

B264479FE9...3F.exe

windows7-x64

B264479FE9...3F.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

B264479FE94356B7722736AC60566C2430E635023933F.exe
Size

831KB
Sample

221026-gxg2zaehdm
MD5

e801956435179f3817e559479dd04273
SHA1

a98c17fe0ae934db542ea7ee207d8a8e254eea10
SHA256

b264479fe94356b7722736ac60566c2430e635023933fca1834d6e0bce604449
SHA512

9c4a33be1c32037675e345365084df2d65a481794fe8d38804bfe50a8f0ed915f0e6f6d5cc6995fec530fbea68f3322f52b6abeba655371d60902a552fce6cad
SSDEEP

12288:tsVJXFwqsoQwEvGn/SUZ7aRLB8lSV3ZUlWvEAh4cc71LDhXXGG4X7ld6c8M9x8P5:tQJXdtsSW5hFcxdXXGJLac8M9wRHL

Score

10^/10

asyncrat zzzzzzzzzzzzzzzzzzzdepredator persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

B264479FE94356B7722736AC60566C2430E635023933F.exe

Resource

win7-20220901-en

asyncrat zzzzzzzzzzzzzzzzzzzdepredator persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

B264479FE94356B7722736AC60566C2430E635023933F.exe

Resource

win10v2004-20220812-en

asyncrat zzzzzzzzzzzzzzzzzzzdepredator persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

ZZZZZZZZZZZZZZZZZZZDEPREDATOR

C2

strekhost2030.duckdns.org:4204

Mutex

cookies

Attributes

delay
3
install
false
install_file
Audioupdatee.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  B264479FE94356B7722736AC60566C2430E635023933F.exe
- Size
  
  831KB
- MD5
  
  e801956435179f3817e559479dd04273
- SHA1
  
  a98c17fe0ae934db542ea7ee207d8a8e254eea10
- SHA256
  
  b264479fe94356b7722736ac60566c2430e635023933fca1834d6e0bce604449
- SHA512
  
  9c4a33be1c32037675e345365084df2d65a481794fe8d38804bfe50a8f0ed915f0e6f6d5cc6995fec530fbea68f3322f52b6abeba655371d60902a552fce6cad
- SSDEEP
  
  12288:tsVJXFwqsoQwEvGn/SUZ7aRLB8lSV3ZUlWvEAh4cc71LDhXXGG4X7ld6c8M9x8P5:tQJXdtsSW5hFcxdXXGJLac8M9wRHL
Score

10^/10

asyncrat zzzzzzzzzzzzzzzzzzzdepredator persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratzzzzzzzzzzzzzzzzzzzdepredatorpersistencerat

behavioral2

asyncratzzzzzzzzzzzzzzzzzzzdepredatorpersistencerat

© 2018-2025

Terms | Privacy