asyncrat | eb79368e3d08078cd2c59c4e4ad38ead9d44a79253cba084ab8013be126abf03 | Triage

Submit
Reports

Overview

overview

Static

static

3

RoyalKing ...er.exe

windows7-x64

3

RoyalKing ...er.exe

windows10-2004-x64

Sharing

General

Target

RoyalKing Bootstraper.rar
Size

16KB
Sample

241205-113bvstrat
MD5

fb6974e7f6f681024728545630df874f
SHA1

9a46d69a5be885b518a8bd2a0cf7727affb52c4f
SHA256

eb79368e3d08078cd2c59c4e4ad38ead9d44a79253cba084ab8013be126abf03
SHA512

5ab90c505f3faaf2dcbbdaabf96fbac8e83615e2ab20c87fd3da343fc7e5e7ef507bac0113d994bd4b04b6fa7568b5168ca40cabe89edc10d5a6d66b0a872fec
SSDEEP

384:tNZ+Zw2dkrBtKVp22lv/Ha0St1zI5RbcfMHwVJ2iZjhjs8x3Oi:t7+ZddyBtKVoXzI5Rbc2wvjhjs8xT

Score

10^/10

asyncrat default discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RoyalKing Bootstraper.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

600 seconds

Behavioral task

behavioral2

Sample

RoyalKing Bootstraper.exe

Resource

win10v2004-20241007-en

asyncrat default discovery rat

windows10-2004-x64

21 signatures

600 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

172.204.136.22:1604

Mutex

ghbyTnUySCmF

Attributes

delay
3
install
false
install_file
RoyalKing.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RoyalKing Bootstraper.exe
- Size
  
  39KB
- MD5
  
  8c723a3169b077a877802649d7f8ad74
- SHA1
  
  16650c695bc5966c50229c976916464e36d083bc
- SHA256
  
  f9718b38ff60d7521a28816a474e2851537c67576c7c6c7b1c18f8ba3f84375b
- SHA512
  
  aaae12062e64f6f4c503d73912bc249e08d20b0caa1fca51236e46818edcd1b9a56467b02ef15376baeaac3dbf8c9d01637498284d144d73d60808b12dae7e9c
- SSDEEP
  
  768:cmQZqx1lYcJHNP1divdCxuoLZb69UJpJXbOfq1Ykjhm:c0lYXvIxJLZb6QzbO+jhm
Score

10^/10

discovery asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryrat

© 2018-2025

Terms | Privacy