asyncrat | 48c368d7fdacb97f86acb10aee2115276ad56c7e8b470875f641cfdf0303a5fa | Triage

Submit
Reports

Overview

overview

Static

static

1

c90ba43060...77.exe

windows7-x64

c90ba43060...77.exe

windows10-2004-x64

Sharing

General

Target

c90ba430608e000e7b270f5b5157111ee4760fce3269084b5f2b46efd48cf577
Size

1.9MB
Sample

230424-zwzjqsee93
MD5

171da24c24a495819291b45e99f2cb0e
SHA1

6483d9c80da93eea0e84516e371c91336eaef681
SHA256

48c368d7fdacb97f86acb10aee2115276ad56c7e8b470875f641cfdf0303a5fa
SHA512

33779da0ecea8bfe19b7ec610b6297aed5e58e41ab367e54994d23a02d8ddb15d184a9535b4c20a0291f72252a60a60d8d4c8811ab37c0f5c84b85ec48961365
SSDEEP

49152:qbIkVpX0sZ2XrYKSGsWm8JCdybPsaDGlI1f+ROJEnJoi36HNqbeqxq:xNqbJxq

Score

10^/10

asyncrat game rat

Static task

static1

Behavioral task

behavioral1

Sample

c90ba430608e000e7b270f5b5157111ee4760fce3269084b5f2b46efd48cf577.exe

Resource

win7-20230220-en

asyncrat game rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c90ba430608e000e7b270f5b5157111ee4760fce3269084b5f2b46efd48cf577.exe

Resource

win10v2004-20230221-en

asyncrat game rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Game

C2

84.54.50.51:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  c90ba430608e000e7b270f5b5157111ee4760fce3269084b5f2b46efd48cf577
- Size
  
  1.9MB
- MD5
  
  171da24c24a495819291b45e99f2cb0e
- SHA1
  
  6483d9c80da93eea0e84516e371c91336eaef681
- SHA256
  
  48c368d7fdacb97f86acb10aee2115276ad56c7e8b470875f641cfdf0303a5fa
- SHA512
  
  33779da0ecea8bfe19b7ec610b6297aed5e58e41ab367e54994d23a02d8ddb15d184a9535b4c20a0291f72252a60a60d8d4c8811ab37c0f5c84b85ec48961365
- SSDEEP
  
  49152:qbIkVpX0sZ2XrYKSGsWm8JCdybPsaDGlI1f+ROJEnJoi36HNqbeqxq:xNqbJxq
Score

10^/10

asyncrat game rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratgamerat

behavioral2

asyncratgamerat

© 2018-2024

Terms | Privacy