asyncrat | 1b4ca2ea6683fa110a3409227361b8c29e00aa656ff197291b06105b36ec2fee | Triage

Submit
Reports

Overview

overview

Static

static

Infected.exe

windows10-2004-x64

Sharing

General

Target

Infected.exe
Size

63KB
Sample

240802-skftxsygjq
MD5

4ab63aeb8e93aa7784281b8692d25ff3
SHA1

877e3e2f4729438ffdf7bfae3c7c261111e9dc6a
SHA256

1b4ca2ea6683fa110a3409227361b8c29e00aa656ff197291b06105b36ec2fee
SHA512

3623a467a97627b9d43660e2cfc9ed0334e1544a4bc68f9f1cb9cdfe8f365728fbaf9a5eec85e257c8d767aa4ac058b7a0e2eb0e1177514cd8a53d67be008885
SSDEEP

768:Cuw6LVcsTPq781wC8A+XjuazcBRL5JTk1+T4KSBGHmDbD/ph0oXk5hSuEdpqKYhg:LeQPckdSJYUbdh9k54uEdpqKmY7

Score

10^/10

asyncrat default ransomware rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Infected.exe

Resource

win10v2004-20240802-en

asyncrat default ransomware rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

and-statements.gl.at.ply.gg:43442

Attributes

delay
1
install
true
install_file
test124.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Infected.exe
- Size
  
  63KB
- MD5
  
  4ab63aeb8e93aa7784281b8692d25ff3
- SHA1
  
  877e3e2f4729438ffdf7bfae3c7c261111e9dc6a
- SHA256
  
  1b4ca2ea6683fa110a3409227361b8c29e00aa656ff197291b06105b36ec2fee
- SHA512
  
  3623a467a97627b9d43660e2cfc9ed0334e1544a4bc68f9f1cb9cdfe8f365728fbaf9a5eec85e257c8d767aa4ac058b7a0e2eb0e1177514cd8a53d67be008885
- SSDEEP
  
  768:Cuw6LVcsTPq781wC8A+XjuazcBRL5JTk1+T4KSBGHmDbD/ph0oXk5hSuEdpqKYhg:LeQPckdSJYUbdh9k54uEdpqKmY7
Score

10^/10

asyncrat default ransomware rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Renames multiple (1273) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultransomwarerat

© 2018-2025

Terms | Privacy