asyncrat | 2449fe334bbf8f09ff80422578a6c6961d20a0a456b214f6490c5ed1ae859c9e | Triage

Submit
Reports

Overview

overview

Static

static

3

35e7f1f850...34.exe

windows7-x64

35e7f1f850...34.exe

windows10-2004-x64

Sharing

General

Target

35e7f1f850ca524d0eaa6522a4451834.exe
Size

476KB
Sample

240804-pk183syhra
MD5

35e7f1f850ca524d0eaa6522a4451834
SHA1

e98db252a62c84fd87416d2ec347de46ec053ebd
SHA256

2449fe334bbf8f09ff80422578a6c6961d20a0a456b214f6490c5ed1ae859c9e
SHA512

3b013378a51a29652ff84f61050b344f504ef51a51944d469b1d0e629e4abad979416a56b9cffb6cfe20b80dfbebffec35dce6f5dc10b02907dee538f9f17a01
SSDEEP

6144:gFJ8aFxdJD82I+PwMmTqhepZsZsqAPh+jtKiEoRagl2SEP5zrAdi:gFyaFxdJbIAuZ0sHPwjAoZpExodi

Score

10^/10

asyncrat discovery execution persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35e7f1f850ca524d0eaa6522a4451834.exe

Resource

win7-20240704-en

asyncrat discovery execution persistence rat

windows7-x64

27 signatures

150 seconds

Behavioral task

behavioral2

Sample

35e7f1f850ca524d0eaa6522a4451834.exe

Resource

win10v2004-20240802-en

asyncrat discovery execution persistence rat

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  35e7f1f850ca524d0eaa6522a4451834.exe
- Size
  
  476KB
- MD5
  
  35e7f1f850ca524d0eaa6522a4451834
- SHA1
  
  e98db252a62c84fd87416d2ec347de46ec053ebd
- SHA256
  
  2449fe334bbf8f09ff80422578a6c6961d20a0a456b214f6490c5ed1ae859c9e
- SHA512
  
  3b013378a51a29652ff84f61050b344f504ef51a51944d469b1d0e629e4abad979416a56b9cffb6cfe20b80dfbebffec35dce6f5dc10b02907dee538f9f17a01
- SSDEEP
  
  6144:gFJ8aFxdJD82I+PwMmTqhepZsZsqAPh+jtKiEoRagl2SEP5zrAdi:gFyaFxdJbIAuZ0sHPwjAoZpExodi
Score

10^/10

asyncrat discovery execution persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdiscoveryexecutionpersistencerat

behavioral2

asyncratdiscoveryexecutionpersistencerat

© 2018-2025

Terms | Privacy