asyncrat | 70c7ef5fc6bc175a30fc1436ee76e05118d1a0c8310a454c373bc5e851689e08 | Triage

Resubmissions

04-08-2024 08:26

240804-kcac6s1brl 10

04-08-2024 08:23

240804-kahlrs1bmq 10

Sharing

General

Target

test.exe
Size

45KB
Sample

240804-kcac6s1brl
MD5

7f29206fc82a922c7f468f1a8c626040
SHA1

583ba79e6acd22bfafcef10a13b30a0043f73537
SHA256

70c7ef5fc6bc175a30fc1436ee76e05118d1a0c8310a454c373bc5e851689e08
SHA512

1896d659e381dbbbd208945bde36991efaef57eb515121adfb5e8a4d2a241e4098ef31815c523782c880d8a98b5f2c5e39a9e1984a5c86b523b3f66e9c158be9
SSDEEP

768:Cu/dRTUo0HQbWUnmjSmo2qMh8V1NpxTcPI1zjbkgX3iQ90K6oayV9BDZ2x:Cu/dRTUPE2l8VXPTh13brXSQ90mVTd2x

Score

10^/10

asyncrat quasar default office04 defense_evasion discovery rat spyware trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

RFI09QOr7ybB

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.56.1:4782

Mutex

3522b5e7-fd11-42bb-9280-22f54d1cccc8

Attributes

encryption_key
2D52AD41C338B574A26194A4216A466F75485BFB
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  test.exe
- Size
  
  45KB
- MD5
  
  7f29206fc82a922c7f468f1a8c626040
- SHA1
  
  583ba79e6acd22bfafcef10a13b30a0043f73537
- SHA256
  
  70c7ef5fc6bc175a30fc1436ee76e05118d1a0c8310a454c373bc5e851689e08
- SHA512
  
  1896d659e381dbbbd208945bde36991efaef57eb515121adfb5e8a4d2a241e4098ef31815c523782c880d8a98b5f2c5e39a9e1984a5c86b523b3f66e9c158be9
- SSDEEP
  
  768:Cu/dRTUo0HQbWUnmjSmo2qMh8V1NpxTcPI1zjbkgX3iQ90K6oayV9BDZ2x:Cu/dRTUPE2l8VXPTh13brXSQ90mVTd2x
Score

10^/10

asyncrat quasar default office04 defense_evasion discovery rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratquasardefaultoffice04defense_evasiondiscoveryratspywaretrojan