asyncrat | 760d61c1b76f9a909e2e427ed60c7cc76ebb32246b8aec5459d882a04482b1ea | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows7-x64

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

47KB
Sample

240218-m3y6bshf86
MD5

304d41baaa716a6d582877785f93ef68
SHA1

a2b16217d6326c54fbd7ca5586519d50ce3e20ca
SHA256

760d61c1b76f9a909e2e427ed60c7cc76ebb32246b8aec5459d882a04482b1ea
SHA512

2a1f1859bf1ee1ff3be5469d44daf96ba8e6f26e377a6e538e64be815d4e7eb87911b0cbd2cddd3135c2f0e6933151fc47f8aeefa22e7becfa1babb8d38f3a41
SSDEEP

768:59n7mxUzILWCaS+Di1xCKzVixM8YbxgeXP9RavEgK/JXZVc6KN:597AKW1xCGLzb+SPTankJXZVclN

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win7-20231129-en

asyncrat default rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client.exe

Resource

win10v2004-20231222-en

asyncrat default rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:16234

6.tcp.eu.ngrok.io:8848

6.tcp.eu.ngrok.io:16234

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
WindowsDefender.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  47KB
- MD5
  
  304d41baaa716a6d582877785f93ef68
- SHA1
  
  a2b16217d6326c54fbd7ca5586519d50ce3e20ca
- SHA256
  
  760d61c1b76f9a909e2e427ed60c7cc76ebb32246b8aec5459d882a04482b1ea
- SHA512
  
  2a1f1859bf1ee1ff3be5469d44daf96ba8e6f26e377a6e538e64be815d4e7eb87911b0cbd2cddd3135c2f0e6933151fc47f8aeefa22e7becfa1babb8d38f3a41
- SSDEEP
  
  768:59n7mxUzILWCaS+Di1xCKzVixM8YbxgeXP9RavEgK/JXZVc6KN:597AKW1xCGLzb+SPTankJXZVclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2025

Terms | Privacy