asyncrat | f368400a4f67b6f2390343181e5d1945967c6cd25088798984e6e4654a1b928c | Triage

Submit
Reports

Overview

overview

Static

static

cum.exe

windows7-x64

cum.exe

windows10-2004-x64

Resubmissions

04-01-2025 12:14

250104-pej3ls1mbk 10

04-01-2025 12:10

250104-pcc7aa1lcr 10

Sharing

General

Target

cum.exe
Size

63KB
Sample

250104-pej3ls1mbk
MD5

6ae8830520e0bf079fc97aa207673ac6
SHA1

8eab31bfba85b5847573bda4257f79c607f0c297
SHA256

f368400a4f67b6f2390343181e5d1945967c6cd25088798984e6e4654a1b928c
SHA512

cb8e918f34780d91673fdcc6bf3a70d2a1bf82bafb62f59ab6fc0f98b5ee09a8ed404d99fee25a4d5f55f9b7c4a5dc280d41725c596e6ddb8fae158542f14596
SSDEEP

1536:+62ZBUFWbPZEYUbeM9odcrXuEdpqKmY7:+62CWbP6YUbe1cr5Gz

Score

10^/10

asyncrat default discovery phishing rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

cum.exe

Resource

win7-20240903-en

asyncrat default rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

cum.exe

Resource

win10v2004-20241007-en

asyncrat default discovery phishing rat

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:1337

127.0.0.1:26550

147.185.221.24:1337

147.185.221.24:26550

Attributes

delay
3
install
true
install_file
hawktuah.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  cum.exe
- Size
  
  63KB
- MD5
  
  6ae8830520e0bf079fc97aa207673ac6
- SHA1
  
  8eab31bfba85b5847573bda4257f79c607f0c297
- SHA256
  
  f368400a4f67b6f2390343181e5d1945967c6cd25088798984e6e4654a1b928c
- SHA512
  
  cb8e918f34780d91673fdcc6bf3a70d2a1bf82bafb62f59ab6fc0f98b5ee09a8ed404d99fee25a4d5f55f9b7c4a5dc280d41725c596e6ddb8fae158542f14596
- SSDEEP
  
  1536:+62ZBUFWbPZEYUbeM9odcrXuEdpqKmY7:+62CWbP6YUbe1cr5Gz
Score

10^/10

asyncrat default rat discovery phishing
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultdiscoveryphishingrat

© 2018-2025

Terms | Privacy