asyncrat | ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade | Triage

Submit
Reports

Overview

overview

Static

static

3

ca047f4682...de.exe

windows7-x64

ca047f4682...de.exe

windows10-2004-x64

Sharing

General

Target

ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade
Size

2.2MB
Sample

240510-dazrqahh48
MD5

92612e8a2fc3f5406331b171b6c3b2fa
SHA1

deb4c41292cf8cf0f0187491d1eca4ebb3e47a4f
SHA256

ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade
SHA512

c282a0ae16c1b43799744a4db1f45d229134f1e0b2008a1093f507bf89589b5624a2e0033ad54c00085cb1d80a25adee0a54e7ec19e3cfa600146ccf8aebd497
SSDEEP

49152:/fCXQoEiDfuFdImBttUJkykJVdd4S1OfLKEY8CODmcjVaTofHiMpGv:/fCXQziDHmHu870S0KENlmcIMitv

Score

10^/10

asyncrat zgrat evasion execution rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade.exe

Resource

win7-20240508-en

asyncrat zgrat evasion execution rat

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade.exe

Resource

win10v2004-20240426-en

asyncrat zgrat evasion execution rat

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade
- Size
  
  2.2MB
- MD5
  
  92612e8a2fc3f5406331b171b6c3b2fa
- SHA1
  
  deb4c41292cf8cf0f0187491d1eca4ebb3e47a4f
- SHA256
  
  ca047f4682267a1191d703e260b8ac420953985821c328bd80ad766704149ade
- SHA512
  
  c282a0ae16c1b43799744a4db1f45d229134f1e0b2008a1093f507bf89589b5624a2e0033ad54c00085cb1d80a25adee0a54e7ec19e3cfa600146ccf8aebd497
- SSDEEP
  
  49152:/fCXQoEiDfuFdImBttUJkykJVdd4S1OfLKEY8CODmcjVaTofHiMpGv:/fCXQziDHmHu870S0KENlmcIMitv
Score

10^/10

asyncrat zgrat evasion execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratzgratevasionexecutionrat

behavioral2

asyncratzgratevasionexecutionrat

© 2018-2025

Terms | Privacy