asyncrat | b2c58a9b825b968a5e48ee6942c45fd44b88597248e5b4528c72ce9b9baca9f5 | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Client.exe

windows11-21h2-x64

Sharing

General

Target

Client.exe
Size

47KB
Sample

240731-wcjgmawcjl
MD5

fb11528a2333082ba221031b9a9a0e77
SHA1

af59136079fc620db3ff50f0a00cc4768bc05336
SHA256

b2c58a9b825b968a5e48ee6942c45fd44b88597248e5b4528c72ce9b9baca9f5
SHA512

344d4638da6abc45286c32dcd53856e3e3c1ec856a3a2fe57f1140d5475cd6f6e836bf651d152abdef67a0f8e65647e985512f8f6630f9b47a1e47513269d10b
SSDEEP

768:4q+s3pUtDILNCCa+DiptelDSN+iV08YbygeB5gyZaUhvEgK/JvZVc6KN:4q+AGtQOptKDs4zb1BynkJvZVclN

Score

10^/10

asyncrat default ransomware rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20240730-en

asyncrat default rat

windows10-2004-x64

6 signatures

600 seconds

Behavioral task

behavioral2

Sample

Client.exe

Resource

win11-20240730-en

asyncrat default ransomware rat

windows11-21h2-x64

9 signatures

600 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:37029

147.185.221.21:8848

147.185.221.21:37029

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  47KB
- MD5
  
  fb11528a2333082ba221031b9a9a0e77
- SHA1
  
  af59136079fc620db3ff50f0a00cc4768bc05336
- SHA256
  
  b2c58a9b825b968a5e48ee6942c45fd44b88597248e5b4528c72ce9b9baca9f5
- SHA512
  
  344d4638da6abc45286c32dcd53856e3e3c1ec856a3a2fe57f1140d5475cd6f6e836bf651d152abdef67a0f8e65647e985512f8f6630f9b47a1e47513269d10b
- SSDEEP
  
  768:4q+s3pUtDILNCCa+DiptelDSN+iV08YbygeB5gyZaUhvEgK/JvZVc6KN:4q+AGtQOptKDs4zb1BynkJvZVclN
Score

10^/10

asyncrat default rat ransomware
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Renames multiple (4490) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultransomwarerat

© 2018-2025

Terms | Privacy