asyncrat | c59878f34eb08565dde137d3da8f37185c07b01de149b4c210497703c737605a | Triage

Submit
Reports

Overview

overview

Static

static

3

README‮txt.scr

windows10-ltsc 2021-x64

Sharing

General

Target

README‮txt.SCR
Size

3.6MB
Sample

241231-pq8kcazqb1
MD5

67fa781a0df1aea8159a22c0390023f3
SHA1

d3641ee05ddd0a652a9004894f09b484336f115e
SHA256

c59878f34eb08565dde137d3da8f37185c07b01de149b4c210497703c737605a
SHA512

2f7fb249fd1e4097928adffd40b5131002b6fb47a26248d92f0781f6510dbb4e382febd2bfc7755970baf2f4c90d48591ca3edc08d10ed0491df9ee4575eff2f
SSDEEP

98304:AkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13U:AkSIlLtzWAXAkuujCPX9YG9he5GnQCAB

Score

10^/10

asyncrat default steam collection discovery persistence phishing privilege_escalation rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

README‮txt.scr

Resource

win10ltsc2021-20241211-en

asyncrat default steam collection discovery persistence phishing privilege_escalation rat spyware stealer

windows10-ltsc 2021-x64

32 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

51.89.44.68:8848

Mutex

etb3t1tr5n

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  README‮txt.SCR
- Size
  
  3.6MB
- MD5
  
  67fa781a0df1aea8159a22c0390023f3
- SHA1
  
  d3641ee05ddd0a652a9004894f09b484336f115e
- SHA256
  
  c59878f34eb08565dde137d3da8f37185c07b01de149b4c210497703c737605a
- SHA512
  
  2f7fb249fd1e4097928adffd40b5131002b6fb47a26248d92f0781f6510dbb4e382febd2bfc7755970baf2f4c90d48591ca3edc08d10ed0491df9ee4575eff2f
- SSDEEP
  
  98304:AkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13U:AkSIlLtzWAXAkuujCPX9YG9he5GnQCAB
Score

10^/10

asyncrat default steam collection discovery persistence phishing privilege_escalation rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultsteamcollectiondiscoverypersistencephishingprivilege_escalationratspywarestealer

© 2018-2025

Terms | Privacy