asyncrat | 734b51174ef82cd21c44faeca68824b3aa688d3173d7e55e61895efb3119d58f | Triage

Submit
Reports

Overview

overview

Static

static

3

Client.exe

windows10-1703-x64

Client.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Client.exe
Size

152KB
Sample

240124-qhdwfabbcj
MD5

4eca25e5d48e5a2545d3338b1917cb63
SHA1

a1bf9a31f79d361cd4868bdc416093d3c4e1c395
SHA256

734b51174ef82cd21c44faeca68824b3aa688d3173d7e55e61895efb3119d58f
SHA512

7f4e5d8e54c9137d4f4c8074fa89488891f1cd5049be42a0f4ae3edd9eb653c68e29a15f3ebd03aaca531978b5697eb3a1bb8fde460d98a874eac2b9332620b2
SSDEEP

3072:Lt58/dhceTZZw53OK8fSCJTXDErgzEsGbURCSijVyWb1JGYQ:4d68ZwoLfNJTXDEWGbUsjJbp

Score

10^/10

asyncrat evasion persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10-20231215-en

asyncrat evasion persistence rat

windows10-1703-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

Client.exe

Resource

win10v2004-20231215-en

asyncrat evasion persistence rat

windows10-2004-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  Client.exe
- Size
  
  152KB
- MD5
  
  4eca25e5d48e5a2545d3338b1917cb63
- SHA1
  
  a1bf9a31f79d361cd4868bdc416093d3c4e1c395
- SHA256
  
  734b51174ef82cd21c44faeca68824b3aa688d3173d7e55e61895efb3119d58f
- SHA512
  
  7f4e5d8e54c9137d4f4c8074fa89488891f1cd5049be42a0f4ae3edd9eb653c68e29a15f3ebd03aaca531978b5697eb3a1bb8fde460d98a874eac2b9332620b2
- SSDEEP
  
  3072:Lt58/dhceTZZw53OK8fSCJTXDErgzEsGbURCSijVyWb1JGYQ:4d68ZwoLfNJTXDEWGbUsjJbp
Score

10^/10

asyncrat evasion persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Async RAT payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratevasionpersistencerat

behavioral2

asyncratevasionpersistencerat

© 2018-2025

Terms | Privacy