asyncrat | bbeb752aacc339f7ef158033bbec70ddec45a2d78844a9f9420472c8f53c88a0 | Triage

Submit
Reports

Overview

overview

Static

static

1

Uni.bat

windows10-1703-x64

Sharing

General

Target

Uni.bat
Size

12.9MB
Sample

230603-nn9h7aha2z
MD5

3544b71987db84694b674062d7d74a29
SHA1

67a1041c5de311e2e3557c2af88da8c06e93a51c
SHA256

bbeb752aacc339f7ef158033bbec70ddec45a2d78844a9f9420472c8f53c88a0
SHA512

d15d8658978ff22cc02065ecbb77ec5c03fdd7246d7c4456a97e1c5ff59f285308b4d603f4be1419b0e3b95209008ff3fab80132df5c4b599e2aa09262d12184
SSDEEP

49152:Cp8wlEGTlT4OZmnakkNluieppjv/Vv73Ie5jLpaj3hy60tOkuC82waNWwzw0nNlO:8

Score

10^/10

asyncrat quasar v15.5.4 | converted rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Uni.bat

Resource

win10-20230220-en

asyncrat quasar v15.5.4 | converted rat spyware trojan

windows10-1703-x64

25 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v15.5.4 | converted

C2

program-gifts.at.ply.gg:59438

Mutex

e393f62b-3677-4587-82a4-b223e8ac894d

Attributes

encryption_key
7A32A8298A4A90B4D67B1C6B833599E13C052135
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Targets

- Target
  
  Uni.bat
- Size
  
  12.9MB
- MD5
  
  3544b71987db84694b674062d7d74a29
- SHA1
  
  67a1041c5de311e2e3557c2af88da8c06e93a51c
- SHA256
  
  bbeb752aacc339f7ef158033bbec70ddec45a2d78844a9f9420472c8f53c88a0
- SHA512
  
  d15d8658978ff22cc02065ecbb77ec5c03fdd7246d7c4456a97e1c5ff59f285308b4d603f4be1419b0e3b95209008ff3fab80132df5c4b599e2aa09262d12184
- SSDEEP
  
  49152:Cp8wlEGTlT4OZmnakkNluieppjv/Vv73Ie5jLpaj3hy60tOkuC82waNWwzw0nNlO:8
Score

10^/10

asyncrat quasar v15.5.4 | converted rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratquasarv15.5.4 | convertedratspywaretrojan

© 2018-2024

Terms | Privacy