asyncrat | bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03 | Triage

Submit
Reports

Overview

overview

Static

static

1

bf9b4cd519...03.exe

windows7-x64

7

bf9b4cd519...03.exe

windows10-2004-x64

Sharing

General

Target

bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03
Size

5.9MB
Sample

230215-phwktabf82
MD5

d84ebbfcfb1727d11496c170591c7aa8
SHA1

41728e4334aca4b3f417ac9d06af146262500145
SHA256

bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03
SHA512

6f343bab1682d0874e797f8ef772f53d73a6e83d1165d36b1e178ba7f8f69952e5b471ff4bd7326d6ccc63eeee70d28fc8752a1f6a28a609ec2d0cf568695a11
SSDEEP

98304:nmOvccAZPL4N3WlkqL6w9twz+IaZ7AMjwEQ6PCK9WTN3SnUwZSk1nZh:mOvtAZj41WJ6pzqZjwT6p9ON3xwJZ

Score

10^/10

asyncrat quasar 4drun default discovery evasion exploit rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03.exe

Resource

win7-20221111-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03.exe

Resource

win10v2004-20220901-en

asyncrat quasar 4drun default discovery evasion exploit rat spyware trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

4Drun

C2

87.121.52.241:4000

Mutex

565c0b54-8fec-4eb0-a932-429f55a0cc82

Attributes

encryption_key
B000736BEBDF08FC1B6696200651882CF57E43E7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
3dfx Startup
subdirectory
SubDir

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

87.121.52.241:2000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
3dfx.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03
- Size
  
  5.9MB
- MD5
  
  d84ebbfcfb1727d11496c170591c7aa8
- SHA1
  
  41728e4334aca4b3f417ac9d06af146262500145
- SHA256
  
  bf9b4cd5196c0a05a596bff8478e056558282f12812441edce4c1d06a596ca03
- SHA512
  
  6f343bab1682d0874e797f8ef772f53d73a6e83d1165d36b1e178ba7f8f69952e5b471ff4bd7326d6ccc63eeee70d28fc8752a1f6a28a609ec2d0cf568695a11
- SSDEEP
  
  98304:nmOvccAZPL4N3WlkqL6w9twz+IaZ7AMjwEQ6PCK9WTN3SnUwZSk1nZh:mOvtAZj41WJ6pzqZjwT6p9ON3xwJZ
Score

10^/10

asyncrat quasar 4drun default discovery evasion exploit rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

asyncratquasar4drundefaultdiscoveryevasionexploitratspywaretrojan

© 2018-2024

Terms | Privacy