asyncrat | 07cf0a5861804708fe24a76681e4e1945379ed8e3f71678c9545490b7e78e4ee | Triage

Submit
Reports

Overview

overview

Static

static

1

ExLoader_I...er.exe

windows10-2004-x64

Sharing

General

Target

ExLoader_Installer.exe
Size

23.3MB
Sample

230325-pcd4ksce99
MD5

d87a43f5c2744f5014401405aad5aa27
SHA1

e13b43d6eb814c7f0ac606754a9eaebe6bd26c43
SHA256

07cf0a5861804708fe24a76681e4e1945379ed8e3f71678c9545490b7e78e4ee
SHA512

be65334aa0f057a469d3f76377b54743e19e63c5df71381b63742cc6f0b075133f1a0e612906386dc6c4fbcc1fce90c84a029a41bb4b30c6b2fe98fcbcec5456
SSDEEP

393216:LmZ9vsN9Vz7SJ5E5clszZw4+f0OuQ+cXXFLRCFM9QT4WR/jADCLWY:iZ9qVz7u5sXAf/F+cXLyM9QHxjADCLr

Score

10^/10

asyncrat default evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

ExLoader_Installer.exe

Resource

win10v2004-20230220-en

asyncrat default evasion rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/vNcCt60A

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

Mutex

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

- Target
  
  ExLoader_Installer.exe
- Size
  
  23.3MB
- MD5
  
  d87a43f5c2744f5014401405aad5aa27
- SHA1
  
  e13b43d6eb814c7f0ac606754a9eaebe6bd26c43
- SHA256
  
  07cf0a5861804708fe24a76681e4e1945379ed8e3f71678c9545490b7e78e4ee
- SHA512
  
  be65334aa0f057a469d3f76377b54743e19e63c5df71381b63742cc6f0b075133f1a0e612906386dc6c4fbcc1fce90c84a029a41bb4b30c6b2fe98fcbcec5456
- SSDEEP
  
  393216:LmZ9vsN9Vz7SJ5E5clszZw4+f0OuQ+cXXFLRCFM9QT4WR/jADCLWY:iZ9qVz7u5sXAf/F+cXLyM9QHxjADCLr
Score

10^/10

asyncrat default evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratdefaultevasionrat

© 2018-2024

Terms | Privacy