asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

COMPILED.zip
Size

6.9MB
Sample

241017-am5xqa1frg
MD5

30b1961a9b56972841a3806e716531d7
SHA1

63c6880d936a60fefc43a51715036c93265a4ae5
SHA256

0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c
SHA512

9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0
SSDEEP

196608:C+MPQJu8YfQFtMAFMQ5RIhFmQ06L29tJW0SCK5u:C+mQ08YfQNMQ5RI7i9LSCAu

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

1MZzpyf6QSGe

Attributes

delay
3
install
true
install_file
Anti Virus.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  COMPILED.zip
- Size
  
  6.9MB
- MD5
  
  30b1961a9b56972841a3806e716531d7
- SHA1
  
  63c6880d936a60fefc43a51715036c93265a4ae5
- SHA256
  
  0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c
- SHA512
  
  9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0
- SSDEEP
  
  196608:C+MPQJu8YfQFtMAFMQ5RIhFmQ06L29tJW0SCK5u:C+mQ08YfQNMQ5RI7i9LSCAu
Score

1^/10
behavioral1 behavioral2
- Target
  
  AsyncRAT/AsyncRAT.exe
- Size
  
  6.4MB
- MD5
  
  97a429c4b6a2cb95ece0ddb24c3c2152
- SHA1
  
  6fcc26793dd474c0c7113b3360ff29240d9a9020
- SHA256
  
  06899071233d61009a64c726a4523aa13d81c2517a0486cc99ac5931837008e5
- SHA512
  
  524a63f39e472bd052a258a313ff4f2005041b31f11da4774d3d97f72773f3edb40df316fa9cc2a0f51ea5d8ac404cfdd486bab6718bae60f0d860e98e533f89
- SSDEEP
  
  98304:+bPmDVa3VxobFwUN5xXhAqin1MNuSZTKA0t9FFPEG6xJJ33Je2PsBpCz6Ry:+7aIXUN5htin2bk9fcPHJDE7Cz60
Score

10^/10

asyncrat default discovery evasion execution rat spyware stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies visibility of file extensions in Explorer
  evasion
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  AsyncRAT/AsyncRAT.exe.config
- Size
  
  5KB
- MD5
  
  cb1f2dcfeb5cbb5af8efa7ea40b8e908
- SHA1
  
  ceb040761554040cac2fc7ca18623498d3bfc7ce
- SHA256
  
  58f956abe9d717683f4a1cfa6f70e256c80461315a8d47b6456116b3d3075372
- SHA512
  
  f0d805bb7983a111b7083e08d5e53c30dd78a0a5fa2baa2af6c5d3395475a3399fd085d151cc8cce312c7eb3e11ac7c2cc78c49ff8a9bfba4b6ad6585caeaeea
- SSDEEP
  
  96:ur71Y7KY7KPrv0bGiver/apdgaRzV6RnwhXIJ0bGiveLapdgaRzV6RQyYKS4Ypy1:ur7S7L7OrTbCyYKS/pvrsJ+J/qJvr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  AsyncRAT/Plugins/Chat.dll
- Size
  
  367KB
- MD5
  
  b230da150aa974d2a0801cef654cbe05
- SHA1
  
  ab28e63c165ebd7d43d6d0eed4de2750743b9b27
- SHA256
  
  37d41c7042210845593ddd7e5a5e37a37f6605305264d50a30aa2be1686000f6
- SHA512
  
  2d81546548b6ed2e799eaaf4766ac9a811344d9f57726bed7270e289234f7b917df07deff9d1f6e93b9f4d186daefcbfd2d0181b12406a0b5b81e3bdffa65aaf
- SSDEEP
  
  6144:x5S/ect/xQQq1EFBa1jTfHjGqyREilSwAV:x5G/e1EFQ1jzjGREy
Score

1^/10
behavioral7 behavioral8
- Target
  
  AsyncRAT/Plugins/Extra.dll
- Size
  
  375KB
- MD5
  
  3bbcb7c7967c714f767d751db17ed1d0
- SHA1
  
  ea15b176c5c7073bfa3bb58ebe9280b032414fbc
- SHA256
  
  7dd3978e7721f4460d639d17c47fe1307917dbacfb858d0d12e403105cd47089
- SHA512
  
  c20bf3b9b4051b050b6efebbe3c6ea54e520d68172f4ef7bbab961169c4479e9c77b39719e0139edd6ff4c4366b355579226f49aa979331ac8ab8c69bf3a165f
- SSDEEP
  
  6144:/rUTePJZAbxMCgxth8mzMkv8WLBuqcLA5rm5N8LBOTqi:/jA6jL93J4H
Score

1^/10
behavioral10 behavioral9
- Target
  
  AsyncRAT/Plugins/FileManager.dll
- Size
  
  392KB
- MD5
  
  9caa1fa3b3b7824167610d309446223d
- SHA1
  
  093fa014488ea1ddacf083c398fb8b2d07b8a0e0
- SHA256
  
  9d1b94035f381b5183e82a317f001725674c8ea1c5cd82ab5af408f7f53ca19d
- SHA512
  
  feba121ed3ccdef26b0c78874c5247cbb223b2992649fed6bbc088bfe952cf86de1145d84666048ad37b0f2c6a9dcd4da95cf972ec790b43deeb1c22322d17e1
- SSDEEP
  
  6144:6vqHIAq0cvNthE4a2pO/LyRJPZVjTT6gsduuufuujuFyJTququqqqqqqLffffqpU:6vqH/glcwkU5mgsRU0OGF
Score

1^/10
behavioral11 behavioral12
- Target
  
  AsyncRAT/Plugins/FileSearcher.dll
- Size
  
  433KB
- MD5
  
  4e1922ee8333847507a34823ed695131
- SHA1
  
  5df1f96b0a0a43eadeb101c54864a85cf51e9521
- SHA256
  
  a6bdd625fa1d9a7ee66e4ca09ced0b3dca8afd2ad92ecaf44fd9a879b57cb198
- SHA512
  
  e4f2bc24f7d44e19580d561599b563ef2d011cffbd64851c867b03aab22e650da55150b6bc9c02389acffe546efdcc17da72204fef4e6e49a53e27be1a290f0a
- SSDEEP
  
  6144:TwLb1j1VL6d/kA1EegwpfzSv/OLpvt4WIkE0ej:Tib1jKcA1ow9+Q2WIkE0e
Score

1^/10
behavioral13 behavioral14
- Target
  
  AsyncRAT/Plugins/LimeLogger.dll
- Size
  
  368KB
- MD5
  
  732839c93b7e0ab6796cb1c4544eda66
- SHA1
  
  2dc3d39d74a5b72e6320596f92bcfc15edda3915
- SHA256
  
  cd5cdf0eade067fb0d97881258e4e29d88386cc9ec7a6ea315d159d284858857
- SHA512
  
  faa264925d636fa743d0448ce97c0b26ed7974b48c2fbf66000993119749d721bc27cf2626c3eaac3b1374abc0d16cca9e8222c4da054d1aeb56b34505fbeec6
- SSDEEP
  
  6144:T7qj3iWg0kHC86FItOZrhFx4aXCEzwHyFt:T03iutXCa2g
Score

1^/10
behavioral15 behavioral16
- Target
  
  AsyncRAT/Plugins/Miscellaneous.dll
- Size
  
  560KB
- MD5
  
  07ba8685ca3faff186f0d9f5400c1117
- SHA1
  
  a673a7b55e4cf168856a7d3564a5521f0f8fc4e5
- SHA256
  
  783d9d5334aa40f35acf8ff941a6b5bed908fd94dc14a05712b8a9eb9220cd5b
- SHA512
  
  358c85a586d8b590497ea180eae76608ef38a4de09b95e907632bbad8f2c522bec4ea5568017ea1120a1553abb2be730006613872fe053b1fc00a36d005ab096
- SSDEEP
  
  6144:ZksM6LbRsGOlShLHZIVEvLht0Raf2K/lPqmiGk4IuzvjPEzd4P0m/KUweRq:pM6nRsHlSRLBuwImD5f88B
Score

1^/10
behavioral17 behavioral18
- Target
  
  AsyncRAT/Plugins/Options.dll
- Size
  
  378KB
- MD5
  
  a1b5048e3f10f7105bd47244b2930137
- SHA1
  
  a12cbae3ec815ce704fafb0e2eadb9f31ccbb6f3
- SHA256
  
  8dc80b8bf9b3123289e132270e74a31176deec4f74e6ac20d7b6a9fcdb89e8a1
- SHA512
  
  fcae7c456f71e03afe2e67954fc3c9491978a54825436c51b351c47adb6cd8a1ef15e0e6f6d99094b986ff910e21a287a7de9e4ca2818221aa858152a8c6dfe9
- SSDEEP
  
  6144:k7VK+5AKNyvekG+3IoH3MAYV+kpDBWOcFN94f:kk3Kg731H3Md+XHf9
Score

1^/10
behavioral19 behavioral20
- Target
  
  AsyncRAT/Plugins/ProcessManager.dll
- Size
  
  361KB
- MD5
  
  fced22a0c1edad786a59703842fd3b14
- SHA1
  
  dceabc613c694f7f2f6439ea176988fb373d6a29
- SHA256
  
  3ad861ad9bc3edfdd486c060879f4f2450a51757c67f3b514f71381057580218
- SHA512
  
  8904c36c364d29244c598895e877d7897547ce2a187adb197ba281a0512ca3ff52464c478fc42a2ec7f614dd0f91dea2dbb31f4af81c6c0f08cd23f79a71f57c
- SSDEEP
  
  6144:hyk5beTVvGG3vwtudJgKsvAjHvzA1AXly:wNGGotYJQvgHbKA
Score

1^/10
behavioral21 behavioral22
- Target
  
  AsyncRAT/Plugins/Recovery.dll
- Size
  
  600KB
- MD5
  
  d8793438a77750cea1b0d7eaad3d0d0d
- SHA1
  
  36bb36d6dabaa1285dbe7ba26581322630984c71
- SHA256
  
  7fd48ac68f182e0ced2ace00b223fa1d35bd8a20d75600b5400267cd5db5cc84
- SHA512
  
  68e00d97edf0ab768d40672d3b39dfcd09d8ff81b3e6abfdcfa8db88d66ae6070c8b6ad2c540538dd6f47da0174f9ab2d48cd7bef95d6021ffb844c71289822d
- SSDEEP
  
  12288:3I5Ii5aNgfO5Bt844Wn1JwygRuE4pYGmDonx:3IcqfOryJWnVrYNDIx
Score

1^/10
behavioral23 behavioral24
- Target
  
  AsyncRAT/Plugins/RemoteCamera.dll
- Size
  
  452KB
- MD5
  
  1b2c9164e625b600e699151de11d9e98
- SHA1
  
  2ce0aa3161c641623afd1acfa922fce5f10a709c
- SHA256
  
  87938027a63a867b831c86611dc6a2c1fc6af61526dc2269328af4b59e15b1e1
- SHA512
  
  aa0785b079059463a1df409380451c2be7c3bd627a199661627815f364689ed3816dc9cb78725fab510d687d6866186f3fbdb62b633554b9a0aa324730487729
- SSDEEP
  
  6144:npMSjYV8M+c7YervSBlnzYuYyb5A5XAxCqDS5aVorhdt+b5V20JBmYrtog:nqV8a0OaLYCAQLD8CF5h3t
Score

1^/10
behavioral25 behavioral26
- Target
  
  AsyncRAT/Plugins/RemoteDesktop.dll
- Size
  
  390KB
- MD5
  
  cd4a9e669264419eca4de564e6272fe0
- SHA1
  
  bb69bb1542ea06395df74dbedc98866d6c8a36cb
- SHA256
  
  56fd699258a7186f709068c283cd725797bab392e3a6f1cd28f35bbdb3e98e38
- SHA512
  
  5addb4f97c7e1cb69e5167e670bd2c3a817e0415f1fd8a5158af7e03e4340a8b1a6d803e85c9ea56415b9e7d3dcb4c352775a6a6b4770443d72114396ffaa1e5
- SSDEEP
  
  6144:KdHdVObvTS8nmScJEB/2Jin8SF1hG+ht6Oaynf/wKlWCkKI5J5sZva:xCQ2wHFagf/wKlncg
Score

1^/10
behavioral27 behavioral28
- Target
  
  AsyncRAT/Plugins/SendFile.dll
- Size
  
  368KB
- MD5
  
  c4b11c003ed1e394597f6a5201826a59
- SHA1
  
  8de5d19d0d1638f24718bf87c3245cef74f48341
- SHA256
  
  1a717c40ff7f60c18953b46a69a8fc47cce7dad6116cd3715deb2abf0d80722d
- SHA512
  
  ee93a9bd9f77284af5fe0b4d1ef96fbb0ded00aeb045cae380bfc01be45c76d9d0a481f1d4a6f206124603b99c23a8b6054dcdc65e7e5913373b1739e1b310b1
- SSDEEP
  
  6144:7aU0XFbDW0+JDzXNj8QrGchz6q7V7u85:7aU0XCJDbdnrGyT1
Score

1^/10
behavioral29 behavioral30
- Target
  
  AsyncRAT/Plugins/SendMemory.dll
- Size
  
  367KB
- MD5
  
  dbd937cf1098405994b1295056dce5bb
- SHA1
  
  9b47cff5dc8cc6b4868a3715412b425c2b5b49cf
- SHA256
  
  b0b5dda6cac5d1e91958379dc1fda602dd1566127f21e30196382743a350a4d8
- SHA512
  
  2795b1249829d43f43291394fd33821caa3a0ed654c3d9a75f0cd52ac94f1e1bb3d2ab87f81333779d789112c359ddb059c8b4616c95903761b1539e54ec9d61
- SSDEEP
  
  6144:QJ+x17+H67OgnfFPE0f4UKXdEvllmXOocZqOA8IhOueA1Cv6afvx:iPonRE0f4UKXdE9lmXOocZqD51CyE
Score

1^/10
behavioral31 behavioral32