asyncrat | ea5a59097ac39f79bb5d6d473f0e9d3f6bd25d25aed087f05fa5549effbd6c6a | Triage

Submit
Reports

Overview

overview

Static

static

1

3.png

windows10-2004-x64

Sharing

General

Target

3.png
Size

118KB
Sample

240724-w73tratfmb
MD5

29a09f4651a97213b777612158b7a6c8
SHA1

c57011a73ca0e08efbefdf0021a1b529b1565a07
SHA256

ea5a59097ac39f79bb5d6d473f0e9d3f6bd25d25aed087f05fa5549effbd6c6a
SHA512

ea4d6a876012042556936439dc8bb53a164359a9a4a7a73ef0d4bf348444276749f4ab3df3898cb98ebba31011fa218760ec08bf4a1b02c85ccb056e334d3989
SSDEEP

3072:u/D0I7Yn0PVFnSwJKr7+8vc8iR1dB5M9ly54tjHpaqJTXr:4B7I09Aw8ryR10y54tjJaqJzr

Score

10^/10

asyncrat discovery persistence privilege_escalation rat

Static task

static1

Behavioral task

behavioral1

Sample

3.png

Resource

win10v2004-20240709-en

asyncrat discovery persistence privilege_escalation rat

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  3.png
- Size
  
  118KB
- MD5
  
  29a09f4651a97213b777612158b7a6c8
- SHA1
  
  c57011a73ca0e08efbefdf0021a1b529b1565a07
- SHA256
  
  ea5a59097ac39f79bb5d6d473f0e9d3f6bd25d25aed087f05fa5549effbd6c6a
- SHA512
  
  ea4d6a876012042556936439dc8bb53a164359a9a4a7a73ef0d4bf348444276749f4ab3df3898cb98ebba31011fa218760ec08bf4a1b02c85ccb056e334d3989
- SSDEEP
  
  3072:u/D0I7Yn0PVFnSwJKr7+8vc8iR1dB5M9ly54tjHpaqJTXr:4B7I09Aw8ryR10y54tjJaqJzr
Score

10^/10

asyncrat discovery persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdiscoverypersistenceprivilege_escalationrat

© 2018-2025

Terms | Privacy