asyncrat | 1906cc91bd310c9f1ca7d59bb7338d6e10c023cd1af449788850b188963e7ee7 | Triage

Submit
Reports

Overview

overview

Static

static

KRNL.exe

windows7-x64

KRNL.exe

windows10-2004-x64

Sharing

General

Target

KRNL.exe
Size

1.6MB
Sample

221206-wgdryadb6s
MD5

cbadb1de52c16cccc08299d089b005bc
SHA1

843b3fd90240fbad0b567ce5e9a7280a465941ad
SHA256

1906cc91bd310c9f1ca7d59bb7338d6e10c023cd1af449788850b188963e7ee7
SHA512

5560990231317838d403a4f2508558a415868a2ee88006538ce2bccc0bd40aff03e03c45f696be4b79b24661375bf845eeaf061729fa1a5a3a5ddc761bdeaa6f
SSDEEP

12288:93KGvZLJNMO7BDUbWyM6FJJzcXdlNe7kaZHQlMXMUcwdeljucY/ObSvoPzpPw0IR:96ALJeOtLzoJzcXptaZwlUujlSNX

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

KRNL.exe

Resource

win7-20221111-en

asyncrat default rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

KRNL.exe

Resource

win10v2004-20220812-en

asyncrat default rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

goods-generic.at.playit.gg:12632

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_file
virus.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  KRNL.exe
- Size
  
  1.6MB
- MD5
  
  cbadb1de52c16cccc08299d089b005bc
- SHA1
  
  843b3fd90240fbad0b567ce5e9a7280a465941ad
- SHA256
  
  1906cc91bd310c9f1ca7d59bb7338d6e10c023cd1af449788850b188963e7ee7
- SHA512
  
  5560990231317838d403a4f2508558a415868a2ee88006538ce2bccc0bd40aff03e03c45f696be4b79b24661375bf845eeaf061729fa1a5a3a5ddc761bdeaa6f
- SSDEEP
  
  12288:93KGvZLJNMO7BDUbWyM6FJJzcXdlNe7kaZHQlMXMUcwdeljucY/ObSvoPzpPw0IR:96ALJeOtLzoJzcXptaZwlUujlSNX
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy