asyncrat | dc80f45af1fbb5cdad109756841f7668bb5c7688c14434892f8d53c9c64729d5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fnexternal.exe

windows7-x64

fnexternal.exe

windows10-2004-x64

Sharing

General

Target

fnexternal.exe
Size

47KB
Sample

231006-291easaf65
MD5

0baac525ab667acc805e5fc39365677d
SHA1

bdbf2f2896c5f611bf05d511ae5df283fd4d5075
SHA256

dc80f45af1fbb5cdad109756841f7668bb5c7688c14434892f8d53c9c64729d5
SHA512

f37354cb81e09257926406b02d680387a004886a906b2e7319e6eec25e1e62cc1fd93cb6f27fe1781527613ac329fad25f1a38b9785c4dc685fa142cbeed5cf4
SSDEEP

768:zUSRUbDILQe08+bi7EQ8iZ/8Yb+g9dm546VYvEgK/J3ZVc6KN:oS8ErzbBamnkJ3ZVclN

Score

10^/10

asyncrat default persistence rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

fnexternal.exe

Resource

win7-20230831-en

asyncrat default rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

fnexternal.exe

Resource

win10v2004-20230915-en

asyncrat default persistence rat

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:52364

199.36.223.62:8848

199.36.223.62:52364

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
..exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  fnexternal.exe
- Size
  
  47KB
- MD5
  
  0baac525ab667acc805e5fc39365677d
- SHA1
  
  bdbf2f2896c5f611bf05d511ae5df283fd4d5075
- SHA256
  
  dc80f45af1fbb5cdad109756841f7668bb5c7688c14434892f8d53c9c64729d5
- SHA512
  
  f37354cb81e09257926406b02d680387a004886a906b2e7319e6eec25e1e62cc1fd93cb6f27fe1781527613ac329fad25f1a38b9785c4dc685fa142cbeed5cf4
- SSDEEP
  
  768:zUSRUbDILQe08+bi7EQ8iZ/8Yb+g9dm546VYvEgK/J3ZVc6KN:oS8ErzbBamnkJ3ZVclN
Score

10^/10

asyncrat default rat persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultpersistencerat

© 2018-2025

Terms | Privacy