asyncrat | 7d7fefea4821294e42f1848ec0d0512398d53d75fad6130cf7d47384378d7bca | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

48KB
Sample

250102-1kntjazlen
MD5

c455e1785b15f7ab254cfc3418803921
SHA1

9164b636c9e11d1060009de5100a6b60e5f37837
SHA256

7d7fefea4821294e42f1848ec0d0512398d53d75fad6130cf7d47384378d7bca
SHA512

0b3acca31da5d6a477ecf36b4a97d2c2e76fae7b6663024222934304da46043a93ddead5551c402d47d709b89854f8d66b807f3f8d52911be3bfc5e26ef4eb2d
SSDEEP

768:AWgtBBILDmY1+Vxi4telDSN+iV08YbygetBrUyvvEgK/JkEVc6KN:ADak84tKDs4zb1wB4yvnkJkEVclN

Score

10^/10

asyncrat default discovery rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20241007-en

asyncrat default discovery rat

windows10-2004-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
GoogleUpdate.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/rN9BXgA1

aes.plain

Targets

- Target
  
  Client.exe
- Size
  
  48KB
- MD5
  
  c455e1785b15f7ab254cfc3418803921
- SHA1
  
  9164b636c9e11d1060009de5100a6b60e5f37837
- SHA256
  
  7d7fefea4821294e42f1848ec0d0512398d53d75fad6130cf7d47384378d7bca
- SHA512
  
  0b3acca31da5d6a477ecf36b4a97d2c2e76fae7b6663024222934304da46043a93ddead5551c402d47d709b89854f8d66b807f3f8d52911be3bfc5e26ef4eb2d
- SSDEEP
  
  768:AWgtBBILDmY1+Vxi4telDSN+iV08YbygetBrUyvvEgK/JkEVc6KN:ADak84tKDs4zb1wB4yvnkJkEVclN
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

© 2018-2025

Terms | Privacy