asyncrat | 70825ba5a90d571a78e8acae635d5dd2b8c6cd2703598adb94f99db55f3c696a | Triage

Submit
Reports

Overview

overview

Static

static

1

Dc Rat Cra...ll.exe

windows7-x64

Dc Rat Cra...ll.exe

windows10-2004-x64

Sharing

General

Target

Dc Rat Cracked+Activated_install.exe
Size

12.1MB
Sample

230218-xwkz8sdb97
MD5

f00412c3ee8f146d7558348e910deed9
SHA1

d5d51ac94ea123cfdd57def46b81562ea98c4cff
SHA256

70825ba5a90d571a78e8acae635d5dd2b8c6cd2703598adb94f99db55f3c696a
SHA512

ac6f52e43bdb26a2a43b266d9aa8f0340ba3eca37a74b484208dc1c6f582c0ee1bab68df570b3d57b046111335dc02ac7c91f26ac963c2dd3dbd71cbb8d64608
SSDEEP

196608:VgTatkAKz1y4UgLLPcaJlscK/Vze5E5Dv6+QP8IlJh+xnem2BTeFjab5lhdI1z:VGb1yzCLEaJp2IEZv6+Ah+xnq4Gb5lI

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

Dc Rat Cracked+Activated_install.exe

Resource

win7-20220812-en

asyncrat default rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dc Rat Cracked+Activated_install.exe

Resource

win10v2004-20221111-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

verynice.ddns.net:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
WindowsDefender.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  Dc Rat Cracked+Activated_install.exe
- Size
  
  12.1MB
- MD5
  
  f00412c3ee8f146d7558348e910deed9
- SHA1
  
  d5d51ac94ea123cfdd57def46b81562ea98c4cff
- SHA256
  
  70825ba5a90d571a78e8acae635d5dd2b8c6cd2703598adb94f99db55f3c696a
- SHA512
  
  ac6f52e43bdb26a2a43b266d9aa8f0340ba3eca37a74b484208dc1c6f582c0ee1bab68df570b3d57b046111335dc02ac7c91f26ac963c2dd3dbd71cbb8d64608
- SSDEEP
  
  196608:VgTatkAKz1y4UgLLPcaJlscK/Vze5E5Dv6+QP8IlJh+xnem2BTeFjab5lhdI1z:VGb1yzCLEaJp2IEZv6+Ah+xnq4Gb5lI
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy