asyncrat | f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

f191d334ab...f5.exe

windows7-x64

f191d334ab...f5.exe

windows10-2004-x64

Sharing

General

Target

f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5.exe
Size

575KB
Sample

240409-dayvescc38
MD5

18ccd333d9d11e8bc62935caab393521
SHA1

ae54dc1fe193bf3ad174566a47ab1013f107e878
SHA256

f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5
SHA512

a07d2a5cc0cb3044693c0274f728999335021cecf5a5bd697720c88e952f8ca69fd5e5ea7e581a3e400df439de6d5cb8d16d6dad6238f6415eaf4d7e5e1cba21
SSDEEP

12288:UB1oVeonJHI5mtDWQyskRb+udA2w1nelK8X+e:eo5dWmFWXRNA2/RX7

Score

10^/10

asyncrat testing rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5.exe

Resource

win7-20240319-en

asyncrat testing rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5.exe

Resource

win10v2004-20240226-en

asyncrat testing rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Testing

C2

91.207.102.163:9899

Mutex

HbLmK5pOLkik

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5.exe
- Size
  
  575KB
- MD5
  
  18ccd333d9d11e8bc62935caab393521
- SHA1
  
  ae54dc1fe193bf3ad174566a47ab1013f107e878
- SHA256
  
  f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5
- SHA512
  
  a07d2a5cc0cb3044693c0274f728999335021cecf5a5bd697720c88e952f8ca69fd5e5ea7e581a3e400df439de6d5cb8d16d6dad6238f6415eaf4d7e5e1cba21
- SSDEEP
  
  12288:UB1oVeonJHI5mtDWQyskRb+udA2w1nelK8X+e:eo5dWmFWXRNA2/RX7
Score

10^/10

asyncrat testing rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detects executables packed with SmartAssembly
- Detects file containing reversed ASEP Autorun registry keys
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrattestingrat

behavioral2

asyncrattestingrat

© 2018-2025

Terms | Privacy