asyncrat | f2ade3ae8bf5ba063e0c5911c2996bafa09de659b23bbd3014747e12a378724e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

service_updated.exe

windows7-x64

3

service_updated.exe

windows10-2004-x64

Sharing

General

Target

service_updated.exe
Size

26KB
Sample

230315-avjdpace3w
MD5

0ba94632c859dabbdeb1c68ebd7ca34d
SHA1

70f25b976fb529d4826d9560288560d7c3f5b63e
SHA256

f2ade3ae8bf5ba063e0c5911c2996bafa09de659b23bbd3014747e12a378724e
SHA512

be6889837f1556dfde6334ab3dd9245694d79a1495c4be86eecc0ba2695beeaaa4aebfd5fd9e27cdceea2a2e6a65e7624efce48c0ba92bc3f8550d5c914d5ef0
SSDEEP

384:IJJo2hYvWMUMGYZapeJiPRQMFWsXrMTW4g1CwL1CyDb+/cG7mljCD0m3HtnX:JEH1eJiJVXrM41v1C8bpCaCgm3HtX

Score

10^/10

asyncrat default evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

service_updated.exe

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

service_updated.exe

Resource

win10v2004-20230220-en

asyncrat default evasion rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
10
install
true
install_file
csrss.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

- Target
  
  service_updated.exe
- Size
  
  26KB
- MD5
  
  0ba94632c859dabbdeb1c68ebd7ca34d
- SHA1
  
  70f25b976fb529d4826d9560288560d7c3f5b63e
- SHA256
  
  f2ade3ae8bf5ba063e0c5911c2996bafa09de659b23bbd3014747e12a378724e
- SHA512
  
  be6889837f1556dfde6334ab3dd9245694d79a1495c4be86eecc0ba2695beeaaa4aebfd5fd9e27cdceea2a2e6a65e7624efce48c0ba92bc3f8550d5c914d5ef0
- SSDEEP
  
  384:IJJo2hYvWMUMGYZapeJiPRQMFWsXrMTW4g1CwL1CyDb+/cG7mljCD0m3HtnX:JEH1eJiJVXrM41v1C8bpCaCgm3HtX
Score

10^/10

asyncrat default evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultevasionrat

© 2018-2025

Terms | Privacy