asyncrat | 73073ff98d229b84b7d857d2934440f0107d960ece080ba1281a0940c740ccb6 | Triage

Submit
Reports

Overview

overview

Static

static

1

Uni.bat

windows7-x64

7

Uni.bat

windows10-2004-x64

Resubmissions

30/09/2023, 20:01

230930-yrr4esfb7w 10

30/09/2023, 19:56

230930-yn1amagf44 7

Sharing

Copy URL Twitter E-mail

General

Target

Uni.bat
Size

12.5MB
Sample

230930-yrr4esfb7w
MD5

dc6a0e74f0f377f122502fe56f24701e
SHA1

a5a97d00f47d5f577bef14cee5e510c39f51bdbc
SHA256

73073ff98d229b84b7d857d2934440f0107d960ece080ba1281a0940c740ccb6
SHA512

94816734e3bfa98bc57132cbbabc129267498c45f23c0b1846c291248b647ab772e4e59f860ff4abd6cc37fbf8e634202268662c934f7620a1d5530134f4f1f2
SSDEEP

49152:XfB9XOZ4339wz3TuoLYYx+QC7BUssJanETvN7zHOBVk3WAYaeCQyetfUBgvfHMhr:O

Score

10^/10

asyncrat quasar v2.2.3 | seroxen rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Uni.bat

Resource

win7-20230831-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Uni.bat

Resource

win10v2004-20230915-en

asyncrat quasar v2.2.3 | seroxen rat spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v2.2.3 | SeroXen

C2

Puryx-64788.portmap.host:64788

Mutex

0c27d73c-e744-4319-a220-a73b08da980f

Attributes

encryption_key
DE7B4BE6BA198F306661142656C505D77AF3F768
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000

Targets

- Target
  
  Uni.bat
- Size
  
  12.5MB
- MD5
  
  dc6a0e74f0f377f122502fe56f24701e
- SHA1
  
  a5a97d00f47d5f577bef14cee5e510c39f51bdbc
- SHA256
  
  73073ff98d229b84b7d857d2934440f0107d960ece080ba1281a0940c740ccb6
- SHA512
  
  94816734e3bfa98bc57132cbbabc129267498c45f23c0b1846c291248b647ab772e4e59f860ff4abd6cc37fbf8e634202268662c934f7620a1d5530134f4f1f2
- SSDEEP
  
  49152:XfB9XOZ4339wz3TuoLYYx+QC7BUssJanETvN7zHOBVk3WAYaeCQyetfUBgvfHMhr:O
Score

10^/10

asyncrat quasar v2.2.3 | seroxen rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratquasarv2.2.3 | seroxenratspywaretrojan

© 2018-2025

Terms | Privacy