asyncrat | 69d15a8ca658c1d8713cbd088c4e04833e3915ed13ed0cb6d33bb2995c431986 | Triage

Submit
Reports

Overview

overview

Static

static

1

skibidi toilet.bat

windows10-ltsc 2021-x64

Sharing

General

Target

skibidi toilet.bat
Size

388KB
Sample

241120-zlr2xateln
MD5

0380a9d31f2f8313a3a3e90ca34b9f77
SHA1

18813e82100f6d678b298d34b6a87a401c8239de
SHA256

69d15a8ca658c1d8713cbd088c4e04833e3915ed13ed0cb6d33bb2995c431986
SHA512

6113f556d8720bd11b446e021d8eeab5648395958b0953b50d6de9be7ec5d9f5f1a2553f4077ac842b3e7f45fd07c7b0379eeb57d6bd6241c028b68859b7c5f7
SSDEEP

6144:o3u2w8vphGO0vcnEwFWlmyW7yH/mMpzYs4CpUwKidD+N3OghugCCb6ChemLJKaf:oXPpmfwogyWWHFdYsxjjdDngISjtKC

Score

10^/10

asyncrat default execution rat

Static task

static1

Behavioral task

behavioral1

Sample

skibidi toilet.bat

Resource

win10ltsc2021-20241023-en

asyncrat default execution rat

windows10-ltsc 2021-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

193.161.193.99:36700

Attributes

delay
1
install
true
install_file
syskprvalr.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  skibidi toilet.bat
- Size
  
  388KB
- MD5
  
  0380a9d31f2f8313a3a3e90ca34b9f77
- SHA1
  
  18813e82100f6d678b298d34b6a87a401c8239de
- SHA256
  
  69d15a8ca658c1d8713cbd088c4e04833e3915ed13ed0cb6d33bb2995c431986
- SHA512
  
  6113f556d8720bd11b446e021d8eeab5648395958b0953b50d6de9be7ec5d9f5f1a2553f4077ac842b3e7f45fd07c7b0379eeb57d6bd6241c028b68859b7c5f7
- SSDEEP
  
  6144:o3u2w8vphGO0vcnEwFWlmyW7yH/mMpzYs4CpUwKidD+N3OghugCCb6ChemLJKaf:oXPpmfwogyWWHFdYsxjjdDngISjtKC
Score

10^/10

asyncrat default execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultexecutionrat

© 2018-2025

Terms | Privacy