asyncrat | d63b1658179ccc4b45c7f9726b83e32763850a046480b76a8f8920c709309b3e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

PingOptimizerMain.bat

windows7-x64

1

PingOptimizerMain.bat

windows10-2004-x64

Resubmissions

09/01/2024, 11:27

240109-nkymhsgdcj 10

09/01/2024, 11:03

240109-m5m6vaffdq 10

Sharing

General

Target

PingOptimizerMain.bat
Size

11.7MB
Sample

240109-m5m6vaffdq
MD5

ffc97bdf56ecbee34e263c88f330a9fd
SHA1

7f83beb8534cdc3f3ee2147e74d6f698812f2859
SHA256

d63b1658179ccc4b45c7f9726b83e32763850a046480b76a8f8920c709309b3e
SHA512

09a9dbf6d13297a89ea4d1dbe56ae8f4485ecb832b8fe4cf302d805aa1077ed496e1e84024014ad2238b937fd09c21067112bf52aec373deaf4c20df51ae85c1
SSDEEP

49152:zA8wtTTWxiw/n2WZfp8Nuw3PdwARNLfKu5LTEgwJt/eYr8ZLYY3GU80pJzgN5Vsi:X

Score

10^/10

asyncrat quasar v3.0.6 | seroxen rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

PingOptimizerMain.bat

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

PingOptimizerMain.bat

Resource

win10v2004-20231215-en

asyncrat quasar v3.0.6 | seroxen rat spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v3.0.6 | SeroXen

C2

amazon-nr.gl.at.ply.gg:56754

Mutex

a84ac298-1532-4b9d-a759-74f70b16a4b6

Attributes

encryption_key
F28222E368B70A89947BE773CD2BA6F55AF0A35F
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000

Targets

- Target
  
  PingOptimizerMain.bat
- Size
  
  11.7MB
- MD5
  
  ffc97bdf56ecbee34e263c88f330a9fd
- SHA1
  
  7f83beb8534cdc3f3ee2147e74d6f698812f2859
- SHA256
  
  d63b1658179ccc4b45c7f9726b83e32763850a046480b76a8f8920c709309b3e
- SHA512
  
  09a9dbf6d13297a89ea4d1dbe56ae8f4485ecb832b8fe4cf302d805aa1077ed496e1e84024014ad2238b937fd09c21067112bf52aec373deaf4c20df51ae85c1
- SSDEEP
  
  49152:zA8wtTTWxiw/n2WZfp8Nuw3PdwARNLfKu5LTEgwJt/eYr8ZLYY3GU80pJzgN5Vsi:X
Score

10^/10

asyncrat quasar v3.0.6 | seroxen rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratquasarv3.0.6 | seroxenratspywaretrojan

© 2018-2025

Terms | Privacy