asyncrat | 2029ad0bf4a39a9e0e880434117e8502eb04ed983fb1c1a8f5814f2fe3dad43f | Triage

Submit
Reports

Overview

overview

Static

static

3

3724ea07a6...0N.exe

windows7-x64

3724ea07a6...0N.exe

windows10-2004-x64

Sharing

General

Target

3724ea07a65c5ccdacd951990a435690N.exe
Size

267KB
Sample

240721-a2mppa1hra
MD5

3724ea07a65c5ccdacd951990a435690
SHA1

46dc11d1083894c282fd0ba7837a8ff68beadf22
SHA256

2029ad0bf4a39a9e0e880434117e8502eb04ed983fb1c1a8f5814f2fe3dad43f
SHA512

2a935625a483989c3b11b4edea15509ccde13503c6a0999e536824582a54ce05ff8c454ad6a61dc3a3364f5381273df82ac1152b4bad2c534e47a3cfe3b0c2e0
SSDEEP

3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sXG:WFzDqa86hV6uRRqX1evPlwAEXG

Score

10^/10

asyncrat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3724ea07a65c5ccdacd951990a435690N.exe

Resource

win7-20240704-en

asyncrat persistence rat

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

3724ea07a65c5ccdacd951990a435690N.exe

Resource

win10v2004-20240709-en

asyncrat persistence rat

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  3724ea07a65c5ccdacd951990a435690N.exe
- Size
  
  267KB
- MD5
  
  3724ea07a65c5ccdacd951990a435690
- SHA1
  
  46dc11d1083894c282fd0ba7837a8ff68beadf22
- SHA256
  
  2029ad0bf4a39a9e0e880434117e8502eb04ed983fb1c1a8f5814f2fe3dad43f
- SHA512
  
  2a935625a483989c3b11b4edea15509ccde13503c6a0999e536824582a54ce05ff8c454ad6a61dc3a3364f5381273df82ac1152b4bad2c534e47a3cfe3b0c2e0
- SSDEEP
  
  3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sXG:WFzDqa86hV6uRRqX1evPlwAEXG
Score

10^/10

asyncrat persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratpersistencerat

© 2018-2025

Terms | Privacy