asyncrat | be067c2c7c5a474442339d8adc999a0a288d56890d9781e88f536b6183cd398c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

service.exe

windows10-2004-x64

Sharing

General

Target

service.exe
Size

237KB
Sample

230317-g7k7daee93
MD5

ab439c03eb89bc15757588b7b030bea6
SHA1

50411b04ba6c51aab0f706e3a54fc548b5f8df0f
SHA256

be067c2c7c5a474442339d8adc999a0a288d56890d9781e88f536b6183cd398c
SHA512

7784fb618db8f2951bd8032154da86c9f139d51a4e541c9924cfccab99862efbcf92b8cbd582714e5f243d2cd5ee1b9fa2bb076f7d9b683e4b57e7b9e347c9a7
SSDEEP

3072:r4tWK9YMDbz6fV/NpbnyAGJwhOnQdT1MgvAOdj8MXoiTYfSHw69pJZXAqacHy1ly:m9j76xnImFZ1MmF8QTU/urSiLfTP8U

Score

10^/10

asyncrat default evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

service.exe

Resource

win10v2004-20230220-en

asyncrat default evasion rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/vNcCt60A

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

Mutex

Mutex

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

- Target
  
  service.exe
- Size
  
  237KB
- MD5
  
  ab439c03eb89bc15757588b7b030bea6
- SHA1
  
  50411b04ba6c51aab0f706e3a54fc548b5f8df0f
- SHA256
  
  be067c2c7c5a474442339d8adc999a0a288d56890d9781e88f536b6183cd398c
- SHA512
  
  7784fb618db8f2951bd8032154da86c9f139d51a4e541c9924cfccab99862efbcf92b8cbd582714e5f243d2cd5ee1b9fa2bb076f7d9b683e4b57e7b9e347c9a7
- SSDEEP
  
  3072:r4tWK9YMDbz6fV/NpbnyAGJwhOnQdT1MgvAOdj8MXoiTYfSHw69pJZXAqacHy1ly:m9j76xnImFZ1MmF8QTU/urSiLfTP8U
Score

10^/10

asyncrat default evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultevasionrat

© 2018-2025

Terms | Privacy