asyncrat | 7508dd55323850161d037626592fc56eb6be4cc917c68ba90f3c5866f5c2b59d | Triage

Submit
Reports

Overview

overview

Static

static

8

ORDER-230316.xlsm

windows7-x64

ORDER-230316.xlsm

windows10-2004-x64

Sharing

General

Target

ORDER-230316.xlsm
Size

41KB
Sample

230316-de1vksgf43
MD5

91b915d7c1079e51e241748a006da03c
SHA1

846a9d44011340ebc31439f316efc2d1e5b279a6
SHA256

7508dd55323850161d037626592fc56eb6be4cc917c68ba90f3c5866f5c2b59d
SHA512

e40c725e1ca805ea9613e6f8f77f1119337e5bda49b6f5cd1f3cd7aa9f4f4da2aa744ec86cc6c5d7f264173390148ba07cc7968c22d340aceea31df5d3bf54c2
SSDEEP

768:iATtXvQ04qta8v+nWE8hMBIJYfTH+niSplFFiKk/fsgvRag+neWM:VxvSqJv+xG1BjFFi3/Egvg/e9

Score

10^/10

asyncrat latest macro persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORDER-230316.xlsm

Resource

win7-20230220-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER-230316.xlsm

Resource

win10v2004-20230220-en

asyncrat latest persistence rat

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

LATEST

C2

chongmei33.publicvm.com:2703

chongmei33.publicvm.com:49746

chongmei33.publicvm.com:6974

chonglee575.duckdns.org:2703

chonglee575.duckdns.org:49746

chonglee575.duckdns.org:6974

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
update.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ORDER-230316.xlsm
- Size
  
  41KB
- MD5
  
  91b915d7c1079e51e241748a006da03c
- SHA1
  
  846a9d44011340ebc31439f316efc2d1e5b279a6
- SHA256
  
  7508dd55323850161d037626592fc56eb6be4cc917c68ba90f3c5866f5c2b59d
- SHA512
  
  e40c725e1ca805ea9613e6f8f77f1119337e5bda49b6f5cd1f3cd7aa9f4f4da2aa744ec86cc6c5d7f264173390148ba07cc7968c22d340aceea31df5d3bf54c2
- SSDEEP
  
  768:iATtXvQ04qta8v+nWE8hMBIJYfTH+niSplFFiKk/fsgvRag+neWM:VxvSqJv+xG1BjFFi3/Egvg/e9
Score

10^/10

asyncrat latest persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratlatestpersistencerat

© 2018-2025

Terms | Privacy