asyncrat | 3c65766763fc26ba80bd11313a587f3e3206f9ba3fea6a39decd66a700cc9213 | Triage

Submit
Reports

Overview

overview

Static

static

3

EU.exe

windows10-2004-x64

EU.exe

windows11-21h2-x64

Sharing

General

Target

EU.exe
Size

2.1MB
Sample

241215-p4js5swpcm
MD5

84714242749ee3c7f626d1e9684e391a
SHA1

f17abb2ab4ff1bb08360420c73e4d9496045ac1e
SHA256

3c65766763fc26ba80bd11313a587f3e3206f9ba3fea6a39decd66a700cc9213
SHA512

513010ecf933aaa85ae887b59aa03b8ddebc406cdd9ae3b889fdb2768ab33e363f81d17813e5caefe42e57162b45a81097a95723345e232b288be432150b4a28
SSDEEP

49152:n2mx9FhsvlnBh5WYNo4QP6Dc3V0bO2EYTRIagYDitK/z5:n2m9WTNopCDc3V0bJE6RrHiE/z

Score

10^/10

asyncrat default discovery execution rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EU.exe

Resource

win10v2004-20241007-en

asyncrat default discovery execution rat

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

EU.exe

Resource

win11-20241023-en

asyncrat default discovery execution rat

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:53757

Mutex

hsaurcrgqwhjimnkbht

Attributes

delay
1
install
true
install_file
Load.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  EU.exe
- Size
  
  2.1MB
- MD5
  
  84714242749ee3c7f626d1e9684e391a
- SHA1
  
  f17abb2ab4ff1bb08360420c73e4d9496045ac1e
- SHA256
  
  3c65766763fc26ba80bd11313a587f3e3206f9ba3fea6a39decd66a700cc9213
- SHA512
  
  513010ecf933aaa85ae887b59aa03b8ddebc406cdd9ae3b889fdb2768ab33e363f81d17813e5caefe42e57162b45a81097a95723345e232b288be432150b4a28
- SSDEEP
  
  49152:n2mx9FhsvlnBh5WYNo4QP6Dc3V0bO2EYTRIagYDitK/z5:n2m9WTNopCDc3V0bJE6RrHiE/z
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat

© 2018-2025

Terms | Privacy