asyncrat | deadf947dc6be85497b30473dcd6ab9a711b2e0a02df847c25f8fd15589a9c8b | Triage

Submit
Reports

Overview

overview

Static

static

1

SeroXen Cr...ll.bat

windows11-21h2-x64

Resubmissions

28-11-2024 05:26

241128-f5dh3stlbl 10

28-11-2024 05:24

241128-f317cstkfp 10

27-09-2024 19:50

240927-ykppqayfma 10

20-08-2024 17:46

240820-wcsqasyhjm 10

11-12-2023 06:01

231211-gq31vsgbh3 10

Sharing

General

Target

SeroXen_Cracked-main.zip
Size

8.2MB
Sample

231211-gq31vsgbh3
MD5

be2e38fdf09445fcc563380b34456834
SHA1

9576198da00fbfd930f2f9700759e290b793e3c6
SHA256

deadf947dc6be85497b30473dcd6ab9a711b2e0a02df847c25f8fd15589a9c8b
SHA512

96bcaafcda5bafe1fc9f6db1eb914517f77c4ddf4767689f21ad0910869005e32ba071e0c682d12b7dd4dfff0ae26a0eaa85236aaf9805b4db7050a93af18c0b
SSDEEP

196608:Fi1/tl0L6Tt768UDVRNvlzZVUuphoFPgEHB4+7SUTAsI1SMLhs:UVl0Y1686NvpWFSKLI1Ps

Score

10^/10

asyncrat quasar v2.2.5 | seroxen rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

SeroXen Crack/SeroXen-install.bat

Resource

win11-20231128-en

asyncrat quasar v2.2.5 | seroxen rat spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v2.2.5 | SeroXen

C2

kimsoylak.ddns.net:4782

Mutex

2cc9d61f-950d-4f23-b7d5-45d9dda2f256

Attributes

encryption_key
F467D794B2E1081B6AD1EAD5813AFA74F053248D
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
1

Targets

- Target
  
  SeroXen Crack/SeroXen-install.bat
- Size
  
  12.6MB
- MD5
  
  898f49c739026123b6a3811fa31abe70
- SHA1
  
  31ff6036b40d70d21cb1c4c0163cba0d4c720551
- SHA256
  
  78b0a14a882dec287c0dc5a294ad02a4a5aaa0d130839d49f282c7d61069471f
- SHA512
  
  a9aa2bf15db84361f315156ee6386cac49c14c2449a72e2f50b2e0b8d100781019c246c03a38a37d5dfc71a7c1c5451457faba074d1a875cab615ecb8d3e453d
- SSDEEP
  
  49152:sW7ldCjqzV0qZpSjVbHDGYxqXTQPJee/X5nerh1gnfFijx6ygGSPlPNEIKlfuK1u:i
Score

10^/10

asyncrat quasar v2.2.5 | seroxen rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarv2.2.5 | seroxenratspywaretrojan

© 2018-2024

Terms | Privacy