asyncrat | 44091a677e3d6fa0e0c575856a1431578f5755ed98c12f35429905e43da59be0 | Triage

Submit
Reports

Overview

overview

Static

static

1

PAR4DISE.bat

windows10-1703-x64

PAR4DISE.bat

windows10-2004-x64

Sharing

General

Target

PAR4DISE.bat
Size

11.6MB
Sample

230313-rp23aacg7x
MD5

fe3925c1f7ab685f15bac7af0ce98ede
SHA1

91e9831c81d150ba337bc03dbe072e7a58403343
SHA256

44091a677e3d6fa0e0c575856a1431578f5755ed98c12f35429905e43da59be0
SHA512

18c9cd2d7444f8bd09825a2c027a662fc6a027bd9ebaf8b6bb8ada8d8b2977f67f1827a5fa73b151ff58e5fce51f42f51987f8b5dcc78795a3e2df69543ec9fd
SSDEEP

49152:siq+kJMxngSl5DHn7UbM+K7ipjPWQB2VBWdIpmqu8Modtu7CWO2e3BifetlEzKPf:7

Score

10^/10

asyncrat quasar v15.5.0 | seroxen rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

PAR4DISE.bat

Resource

win10-20230220-es

asyncrat quasar v15.5.0 | seroxen rat spyware trojan

windows10-1703-x64

13 signatures

600 seconds

Behavioral task

behavioral2

Sample

PAR4DISE.bat

Resource

win10v2004-20230221-es

windows10-2004-x64

9 signatures

600 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.5.0 | SeroXen

C2

181.ip.ply.gg:9697

Mutex

c33f6306-42ab-4623-a4a9-41a3cc67df21

Attributes

encryption_key
5EAAD3FD254A0F71348B8F552A258BF4D0766627
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Targets

- Target
  
  PAR4DISE.bat
- Size
  
  11.6MB
- MD5
  
  fe3925c1f7ab685f15bac7af0ce98ede
- SHA1
  
  91e9831c81d150ba337bc03dbe072e7a58403343
- SHA256
  
  44091a677e3d6fa0e0c575856a1431578f5755ed98c12f35429905e43da59be0
- SHA512
  
  18c9cd2d7444f8bd09825a2c027a662fc6a027bd9ebaf8b6bb8ada8d8b2977f67f1827a5fa73b151ff58e5fce51f42f51987f8b5dcc78795a3e2df69543ec9fd
- SSDEEP
  
  49152:siq+kJMxngSl5DHn7UbM+K7ipjPWQB2VBWdIpmqu8Modtu7CWO2e3BifetlEzKPf:7
Score

10^/10

asyncrat quasar v15.5.0 | seroxen rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarv15.5.0 | seroxenratspywaretrojan

behavioral2

© 2018-2024

Terms | Privacy