asyncrat | 27e1d651db990e541da6a4721be1631c252b22b90b1566826c91e63460af08a4 | Triage

Submit
Reports

Overview

overview

Static

static

DriverLicense.exe

windows10-2004-x64

Resubmissions

12/07/2023, 18:12

230712-ws828aec73 10

12/07/2023, 17:13

230712-vrtepsfb5x 10

Sharing

Copy URL Twitter E-mail

General

Target

DriverLicense.exe
Size

98KB
Sample

230712-vrtepsfb5x
MD5

63b8f13a0f05bad7b75be28588acdf44
SHA1

8216bd7cb1f45ed3e4bd7aa1717df27091a9c2ef
SHA256

27e1d651db990e541da6a4721be1631c252b22b90b1566826c91e63460af08a4
SHA512

8814bcdc91284ce4fa5659b27d2463d5a26982b9d5c4633fa911d163a7b7d052a95620fa3e579e4b0ffa9744c411e4fd3f30eccd92a0ff0b79b4589b8fb67ebf
SSDEEP

1536:pnQpgj4pagHQa1Gbb+wAAnRGYtYMsZuhA86VclN:pjj4pawQqGbb+xCcuO8IY

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

DriverLicense.exe

Resource

win10v2004-20230703-en

asyncrat default rat

windows10-2004-x64

11 signatures

30 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:34507

likely-widespread.at.ply.gg:8848

likely-widespread.at.ply.gg:34507

209.25.140.212:8848

209.25.140.212:34507

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
FakeId.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DriverLicense.exe
- Size
  
  98KB
- MD5
  
  63b8f13a0f05bad7b75be28588acdf44
- SHA1
  
  8216bd7cb1f45ed3e4bd7aa1717df27091a9c2ef
- SHA256
  
  27e1d651db990e541da6a4721be1631c252b22b90b1566826c91e63460af08a4
- SHA512
  
  8814bcdc91284ce4fa5659b27d2463d5a26982b9d5c4633fa911d163a7b7d052a95620fa3e579e4b0ffa9744c411e4fd3f30eccd92a0ff0b79b4589b8fb67ebf
- SSDEEP
  
  1536:pnQpgj4pagHQa1Gbb+wAAnRGYtYMsZuhA86VclN:pjj4pawQqGbb+xCcuO8IY
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

© 2018-2025

Terms | Privacy