asyncrat | b440f7efd5865cb247ba6bdbb9a64480aa41269b7da563f41449fba038787d49 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

97f70b6807...90.exe

windows7-x64

97f70b6807...90.exe

windows10-2004-x64

Sharing

General

Target

b440f7efd5865cb247ba6bdbb9a64480aa41269b7da563f41449fba038787d49
Size

26KB
Sample

240419-wyjdracf4s
MD5

1c79cd46b5ea48eeb851e7d6f1ec011f
SHA1

46c79470a62d445de216f4f0110ec125eb69a0e7
SHA256

b440f7efd5865cb247ba6bdbb9a64480aa41269b7da563f41449fba038787d49
SHA512

1a71429bf8961f1980d6d4e06075ac34a32b388d1e69288e83cfd0c51a83918071d46f1ae67439c0432c82978749416952fe9187bfc18c6b73a92c956c8987d5
SSDEEP

384:Dl1p+NdO2AvA8dIiPvX3QVLaWDq/0h4IjN/apwj/VaTxHOqC1EBh9Kvw2TxmWNFZ:TQRV4IiXD/Co+kTxFYEBHSwCxmMFZ

Score

10^/10

asyncrat hei rat

Static task

static1

rat hei asyncrat

3 signatures

Behavioral task

behavioral1

Sample

97f70b6807192398746dd93449c2fdf4353533313c021aca4d0aa5e74f82d990.exe

Resource

win7-20231129-en

asyncrat hei rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

97f70b6807192398746dd93449c2fdf4353533313c021aca4d0aa5e74f82d990.exe

Resource

win10v2004-20240412-en

asyncrat hei rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Hei

Mutex

r6rQyqJg4Z3n

Attributes

c2_url_file
http://d.sso.mom:18086/SSIP.html
delay
3
install
true
install_file
Micrcsoft.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  97f70b6807192398746dd93449c2fdf4353533313c021aca4d0aa5e74f82d990
- Size
  
  65KB
- MD5
  
  3712477f2075218e74bdf987b23b578d
- SHA1
  
  95d8ef64bfc80a2cda65a4992a63083988207f67
- SHA256
  
  97f70b6807192398746dd93449c2fdf4353533313c021aca4d0aa5e74f82d990
- SHA512
  
  1a767e93ca25f0117864a5c3e1eced57a8142d5fc3d300f64f2460aac3e13ae826fc06aba195f75184651f06a76ad8f2c7adeb35ff297dc7a2ce55b9503e2e8f
- SSDEEP
  
  1536:dumO1TQq726uw/O2CenkR7bExca0tICKfX5WxHd5w:dumaTQq725w/bCenkVbExzCKfX8xHjw
Score

10^/10

asyncrat hei rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy