asyncrat | 83c854b5ab60971d9d00fe88f9ec5238087b27ac2a7606e34d249778d430b445 | Triage

Submit
Reports

Overview

overview

Static

static

ffe2d2e6b9...5a.exe

windows7-x64

ffe2d2e6b9...5a.exe

windows10-2004-x64

Sharing

General

Target

83c854b5ab60971d9d00fe88f9ec5238087b27ac2a7606e34d249778d430b445
Size

30KB
Sample

240802-gjn85atfpd
MD5

53f3006de4d699f17309edfdff009c78
SHA1

4685b765f94561052bd3202b150fd5816fc608e6
SHA256

83c854b5ab60971d9d00fe88f9ec5238087b27ac2a7606e34d249778d430b445
SHA512

b266b5d5b20a926f0288ee5fa2176cf832fe9681ac3a1524a67ae31b8fdd1e6a76d90a5fcfe5c7c85d6e6d7c1cae74ed0d2cf58c7dbc078bf1eea9ce077b0cbc
SSDEEP

768:uvVFilMJmgOPQHS5GrZ+IsltoyUxIzJ/eKgY9XojjX5y2qeYH:OilMkfqS5Grg1UWzFkjp+

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

ffe2d2e6b930f0b8f752d2a478d77cfbf9467006d294474fe33970a8c529b75a.exe

Resource

win7-20240729-en

asyncrat default rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ffe2d2e6b930f0b8f752d2a478d77cfbf9467006d294474fe33970a8c529b75a.exe

Resource

win10v2004-20240730-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.2

Botnet

Default

C2

stores-less.gl.at.ply.gg:45080

Mutex

AtomRatMutex_penka

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ffe2d2e6b930f0b8f752d2a478d77cfbf9467006d294474fe33970a8c529b75a.exe
- Size
  
  63KB
- MD5
  
  5f00c912f2ac12df8525a30afb8f776e
- SHA1
  
  516af350678a65e9e10901b8c990ef4601ae0844
- SHA256
  
  ffe2d2e6b930f0b8f752d2a478d77cfbf9467006d294474fe33970a8c529b75a
- SHA512
  
  5e9e96ed14d4c1fff020d9d1d00f137cbf1121cd5c3c58a054002d7d1f29a417b6f2f71d8f534c7207ea6bd87a3b57d7afea76390b90a1c8badf482dbba710d5
- SSDEEP
  
  1536:FhMpLbRQkB4+ENds+jFBncsSRoAGbbzwHvGHtpqKmY7:FhMpLbRQkB4tds+jFBl2JGbbzt2z
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2025

Terms | Privacy