asyncrat | 1c35ccddb27c1aad4ad012a75ff24bd1aee773b4ae62e9eee50e799343993c11 | Triage

Submit
Reports

Overview

overview

Static

static

4476d0eb2a...67.exe

windows7-x64

4476d0eb2a...67.exe

windows10-2004-x64

Sharing

General

Target

1c35ccddb27c1aad4ad012a75ff24bd1aee773b4ae62e9eee50e799343993c11
Size

30KB
Sample

240802-cldg7azcjj
MD5

bb77bb2e82f0066fe1aea3ef9bff7851
SHA1

77bcf4d8615a320fcd06a782ad1db3df4605e8db
SHA256

1c35ccddb27c1aad4ad012a75ff24bd1aee773b4ae62e9eee50e799343993c11
SHA512

605506115ee3c58c012bf1453f9bad692b354af382adf27ddc28cbd1b839de643f5370ce0aef54db0755c1f73662a15b4ce921a79cb6fa32a94cc01253bff994
SSDEEP

768:giE202X/0eVXCgTxNH0Dc5j2V69AhEfAtLNm4nkCQd6mUI:gZVm/BSgV+DoghEfImbd6mUI

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

4476d0eb2a47cb9bfe3155abf0a1603de727dd127f4df099b344df56c22c0d67.exe

Resource

win7-20240708-en

asyncrat default rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4476d0eb2a47cb9bfe3155abf0a1603de727dd127f4df099b344df56c22c0d67.exe

Resource

win10v2004-20240730-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.2

Botnet

Default

C2

stores-less.gl.at.ply.gg:45080

Mutex

AtomRatMutex_penka

Attributes

delay
1
install
true
install_file
piskat.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4476d0eb2a47cb9bfe3155abf0a1603de727dd127f4df099b344df56c22c0d67.exe
- Size
  
  63KB
- MD5
  
  1b8eea1226cd913da97c0c0b8a806b18
- SHA1
  
  4320bde806e4fb5792be6bfb2e0b45ae30033fa0
- SHA256
  
  4476d0eb2a47cb9bfe3155abf0a1603de727dd127f4df099b344df56c22c0d67
- SHA512
  
  70fca344d74efe3e1bf9268e36bd2aac698e69cde340559f5a0df603bf996d06f6b60920cf02ecf19c8532f6a6d6210a4c9ad54a61ddbf12541ae0cfee3da7f1
- SSDEEP
  
  1536:zZgPH9F4s1THE6HTIiTEulumGbb+wAe+EhGG0kpqKmY7:zZgPH9F4sBHLTIiTnGbb+xmuvz
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2025

Terms | Privacy