asyncrat | 9800bef9d4936ee96d4872fb686121dd7209f8b529e9bdc833c4fe54bb68f5c8 | Triage

Submit
Reports

Overview

overview

Static

static

1

kk.bat

windows10-1703-x64

kk.bat

windows7-x64

7

Sharing

General

Target

kk.bat
Size

182KB
Sample

230209-rzzpxafh6x
MD5

df4da1ecd4c50871a1c4315f571e4402
SHA1

1dbbe9b3784cf5ecdd08b27132a7e31588954865
SHA256

9800bef9d4936ee96d4872fb686121dd7209f8b529e9bdc833c4fe54bb68f5c8
SHA512

5f9e47f865c48cb1f2070d5d393a5d3494074bfe2347e07c988d06c8244dd420181c210a8ebdd54f768a64a5906d0c9e3be271d44f6e5bd32991bc2cacf85d3e
SSDEEP

3072:ur2RTVYk0bjRtZLlnm6Gdk8vZQfjO8KifQ6vfegRI8mlgJJ4u6A0FzfghYE:BRiltZITy8ufjLQsBUlgeMYE

Score

10^/10

asyncrat quasar default office04 rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

kk.bat

Resource

win10-20220812-en

asyncrat quasar default office04 rat spyware trojan

windows10-1703-x64

18 signatures

600 seconds

Behavioral task

behavioral2

Sample

kk.bat

Resource

win7-20221111-en

windows7-x64

6 signatures

600 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

207.244.236.205:6606

207.244.236.205:7707

207.244.236.205:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

quasharr.ddns.net:4782

quasharr21.ddns.net:4782

quasharr22.ddns.net:4782

quasharr33.ddns.net:4782

Mutex

1f1a8604-757c-4251-9294-1b6985c3c1c7

Attributes

encryption_key
2D1A3994D3C8E5C6071E7048589030F3E389DDC7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows
subdirectory
SubDir

Targets

- Target
  
  kk.bat
- Size
  
  182KB
- MD5
  
  df4da1ecd4c50871a1c4315f571e4402
- SHA1
  
  1dbbe9b3784cf5ecdd08b27132a7e31588954865
- SHA256
  
  9800bef9d4936ee96d4872fb686121dd7209f8b529e9bdc833c4fe54bb68f5c8
- SHA512
  
  5f9e47f865c48cb1f2070d5d393a5d3494074bfe2347e07c988d06c8244dd420181c210a8ebdd54f768a64a5906d0c9e3be271d44f6e5bd32991bc2cacf85d3e
- SSDEEP
  
  3072:ur2RTVYk0bjRtZLlnm6Gdk8vZQfjO8KifQ6vfegRI8mlgJJ4u6A0FzfghYE:BRiltZITy8ufjLQsBUlgeMYE
Score

10^/10

asyncrat quasar default office04 rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Async RAT payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratquasardefaultoffice04ratspywaretrojan

behavioral2

© 2018-2024

Terms | Privacy