asyncrat | 284fd3f018a4477fae7d37a1e79300f1ccfd4fd1f8b2247b25db36d1e9487e7a | Triage

Submit
Reports

Overview

overview

Static

static

1

ogfncheats.bat

windows7-x64

7

ogfncheats.bat

windows10-2004-x64

Sharing

General

Target

ogfncheats.bat
Size

12.5MB
Sample

231223-1jet8shcdm
MD5

f5887c10643d58145e6322c8344b0169
SHA1

52738891d47f153d1d833b87cd9ec33f8ab2065d
SHA256

284fd3f018a4477fae7d37a1e79300f1ccfd4fd1f8b2247b25db36d1e9487e7a
SHA512

b6ac2b6827484cd4a2959c0274fb9d57dee56699d8c2120528c477277ae5117b89450cfa16fa33bde71250404a588fa14adf872f120e364b3f14b28304ae1264
SSDEEP

49152:DZeMEzX//hQjnzQOMfpqqm1AoOhr3CHiOVeE6g6O6phedXk/Baug+pR4BUkWWTyz:4

Score

10^/10

asyncrat quasar v2.2.3 | seroxen rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

ogfncheats.bat

Resource

win7-20231215-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ogfncheats.bat

Resource

win10v2004-20231215-en

asyncrat quasar v2.2.3 | seroxen rat spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v2.2.3 | SeroXen

C2

european-robert.gl.at.ply.gg:43917

Mutex

816d330a-0199-4676-8308-586f21e65988

Attributes

encryption_key
03D4B9A32AA2E0B8E7FE7E0957A921C9A3869870
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
2000

Targets

- Target
  
  ogfncheats.bat
- Size
  
  12.5MB
- MD5
  
  f5887c10643d58145e6322c8344b0169
- SHA1
  
  52738891d47f153d1d833b87cd9ec33f8ab2065d
- SHA256
  
  284fd3f018a4477fae7d37a1e79300f1ccfd4fd1f8b2247b25db36d1e9487e7a
- SHA512
  
  b6ac2b6827484cd4a2959c0274fb9d57dee56699d8c2120528c477277ae5117b89450cfa16fa33bde71250404a588fa14adf872f120e364b3f14b28304ae1264
- SSDEEP
  
  49152:DZeMEzX//hQjnzQOMfpqqm1AoOhr3CHiOVeE6g6O6phedXk/Baug+pR4BUkWWTyz:4
Score

10^/10

asyncrat quasar v2.2.3 | seroxen rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratquasarv2.2.3 | seroxenratspywaretrojan

© 2018-2025

Terms | Privacy