asyncrat | fe2c786ed4dd2c76c6352623c6b46644a9a640eb1093fdadd53688f9940f6bdc | Triage

Submit
Reports

Overview

overview

Static

static

RuntimeBroker.exe

windows10-2004-x64

Sharing

General

Target

RuntimeBroker.exe
Size

63KB
Sample

240731-v63lxszfrc
MD5

f5a40491d3d4f90d1f414c932841741e
SHA1

8f8a02955aa090e13d29138507446fe7e566a99a
SHA256

fe2c786ed4dd2c76c6352623c6b46644a9a640eb1093fdadd53688f9940f6bdc
SHA512

ede3a856ec9374c68c57b8d8ba3a44c124c115c5b56c7eee9c3699a37c49828c2bec5e26a917ce186f1d23b54f01f2651f1f099084a3a6a1f3ad9ec54f3c0476
SSDEEP

1536:vZI9tj/J4cDzCAzVBOnhKfMZ4JGbbpwAiCkbnonGfkpqKmY7:vZctj/J4cDz5B8hfgGbbplWnoovz

Score

10^/10

asyncrat chuwawa rat

Static task

static1

rat chuwawa asyncrat

3 signatures

Behavioral task

behavioral1

Sample

RuntimeBroker.exe

Resource

win10v2004-20240730-en

asyncrat chuwawa rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

ChuWaWa 5.2

Botnet

ChuWaWa

C2

31.173.170.243:7777

Mutex

ChuWaWaRatMutex_penka

Attributes

delay
1
install
true
install_file
RuntimeBroker.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RuntimeBroker.exe
- Size
  
  63KB
- MD5
  
  f5a40491d3d4f90d1f414c932841741e
- SHA1
  
  8f8a02955aa090e13d29138507446fe7e566a99a
- SHA256
  
  fe2c786ed4dd2c76c6352623c6b46644a9a640eb1093fdadd53688f9940f6bdc
- SHA512
  
  ede3a856ec9374c68c57b8d8ba3a44c124c115c5b56c7eee9c3699a37c49828c2bec5e26a917ce186f1d23b54f01f2651f1f099084a3a6a1f3ad9ec54f3c0476
- SSDEEP
  
  1536:vZI9tj/J4cDzCAzVBOnhKfMZ4JGbbpwAiCkbnonGfkpqKmY7:vZctj/J4cDz5B8hfgGbbplWnoovz
Score

10^/10

asyncrat chuwawa rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratchuwawaasyncrat

behavioral1

asyncratchuwawarat

© 2018-2025

Terms | Privacy