asyncrat | 49b3b5ed8b4bab226241223f2004d96cd7975d62375dfbffbfe2212c1e4d52f8 | Triage

Sharing

General

Target

49b3b5ed8b4bab226241223f2004d96cd7975d62375dfbffbfe2212c1e4d52f8.cmd
Size

84KB
Sample

241111-zpbt4avpcx
MD5

de084a193f3bf453afd0642a1e171dce
SHA1

df67591cdbf7fae865b3ef5807f24a81be4394cd
SHA256

49b3b5ed8b4bab226241223f2004d96cd7975d62375dfbffbfe2212c1e4d52f8
SHA512

36bc60a4f2a35fe17e40e0eb07384c4e3e6c7bab85beb1d6a4f32b9a4f419ea37dc8ace1e45dbf14c74fee6eeb163c2d321fb83cca390bb137991abead0a490e
SSDEEP

1536:cIuyBCE+h2KyBCE+h2wG2YCHMrznL/kDxhwAGp2hc0dn9:cdyBCfh/yBCfhnF2vL6O2hc0dn9

Score

10^/10

asyncrat quasar fawzair1d office04 discovery execution rat spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

walkout.ddnsgeek.com:8080

Mutex

27391f85-a482-471a-b2cd-1f8ab5bde32e

Attributes

encryption_key
6469F8C5BA9A2CFDCF4A3F1651D1E92DBEA41117
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

asyncrat

Version

AWS | RxR

Botnet

fawzair1d

C2

go2.adrsxpjm0rga0n.de:6606

go2.adrsxpjm0rga0n.de:7707

go2.adrsxpjm0rga0n.de:8808

Mutex

dtvhcrw_fawziir

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  49b3b5ed8b4bab226241223f2004d96cd7975d62375dfbffbfe2212c1e4d52f8.cmd
- Size
  
  84KB
- MD5
  
  de084a193f3bf453afd0642a1e171dce
- SHA1
  
  df67591cdbf7fae865b3ef5807f24a81be4394cd
- SHA256
  
  49b3b5ed8b4bab226241223f2004d96cd7975d62375dfbffbfe2212c1e4d52f8
- SHA512
  
  36bc60a4f2a35fe17e40e0eb07384c4e3e6c7bab85beb1d6a4f32b9a4f419ea37dc8ace1e45dbf14c74fee6eeb163c2d321fb83cca390bb137991abead0a490e
- SSDEEP
  
  1536:cIuyBCE+h2KyBCE+h2wG2YCHMrznL/kDxhwAGp2hc0dn9:cdyBCfh/yBCfhnF2vL6O2hc0dn9
Score

10^/10

asyncrat quasar fawzair1d office04 discovery execution rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarfawzair1doffice04discoveryexecutionratspywaretrojan