asyncrat | 4ca7277273f9409593101a4e73211877696ae1bed8fddd28650fdd9877ffd6f0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

r132-031Payment.exe

windows7-x64

r132-031Payment.exe

windows10-2004-x64

Sharing

General

Target

r132-031Payment.exe
Size

369KB
Sample

231012-rcm3lafc92
MD5

2d21173d46e5ed9795ee28f6900edfbc
SHA1

e0e16b8d5932434f0a18e1dbab1c102d818f9700
SHA256

4ca7277273f9409593101a4e73211877696ae1bed8fddd28650fdd9877ffd6f0
SHA512

c90095702262ac1bac1ed592a3417485e1ef03871a78546722f10dc3f33e4644b06391aaf090f8a4affc43dfe0223ff781699858b14fdcd77d09eff8838d9434
SSDEEP

6144:Q1cJnjX2zt02wn7GHNX+oqUXMlC6OK8Yp2sSsXB0mfnUIbj:IcJnCz/wnKHVEUXMlCMWsSIvfVbj

Score

10^/10

asyncrat default persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

r132-031Payment.exe

Resource

win7-20230831-en

asyncrat default persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

r132-031Payment.exe

Resource

win10v2004-20230915-en

asyncrat default persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

bestsuccess.ddns.net:2442

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  r132-031Payment.exe
- Size
  
  369KB
- MD5
  
  2d21173d46e5ed9795ee28f6900edfbc
- SHA1
  
  e0e16b8d5932434f0a18e1dbab1c102d818f9700
- SHA256
  
  4ca7277273f9409593101a4e73211877696ae1bed8fddd28650fdd9877ffd6f0
- SHA512
  
  c90095702262ac1bac1ed592a3417485e1ef03871a78546722f10dc3f33e4644b06391aaf090f8a4affc43dfe0223ff781699858b14fdcd77d09eff8838d9434
- SSDEEP
  
  6144:Q1cJnjX2zt02wn7GHNX+oqUXMlC6OK8Yp2sSsXB0mfnUIbj:IcJnCz/wnKHVEUXMlCMWsSIvfVbj
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2

asyncratdefaultpersistencerat

© 2018-2025

Terms | Privacy