asyncrat | 0ba3f53dc303731f8060b81fecfd87026b55052488853f4df228255eeba35a8d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

autoinstal...o2.exe

windows7-x64

autoinstal...o2.exe

windows10-2004-x64

Sharing

General

Target

autoinstall dll @powergirlso2.exe
Size

2.0MB
Sample

250220-rqlfxswpbs
MD5

390e8cf06fa3eb9ebf46ca2498bbe0a7
SHA1

cc2ce83fd17f26e8889c94263624b98cd46254d4
SHA256

0ba3f53dc303731f8060b81fecfd87026b55052488853f4df228255eeba35a8d
SHA512

821d13b2d099736bc9f410ad1138d3bf6c09e2ef0ae93259b937de1b0652eb968a4f097c26006a75f94548ee237989464f5620b86116dc9654fef7e49452d633
SSDEEP

24576:xkBGRu7kCvNuLJHCUgGZJkQqRX7usVzRxaiKwr/8jh80trwEuepKunr:6BerzgpKW/8jh86UEke

Score

10^/10

asyncrat stealerium default collection discovery persistence privilege_escalation rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

autoinstall dll @powergirlso2.exe

Resource

win7-20250207-en

asyncrat default discovery rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

autoinstall dll @powergirlso2.exe

Resource

win10v2004-20250217-en

asyncrat stealerium default collection discovery persistence privilege_escalation rat stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

RC7-41750.portmap.host:41750

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  autoinstall dll @powergirlso2.exe
- Size
  
  2.0MB
- MD5
  
  390e8cf06fa3eb9ebf46ca2498bbe0a7
- SHA1
  
  cc2ce83fd17f26e8889c94263624b98cd46254d4
- SHA256
  
  0ba3f53dc303731f8060b81fecfd87026b55052488853f4df228255eeba35a8d
- SHA512
  
  821d13b2d099736bc9f410ad1138d3bf6c09e2ef0ae93259b937de1b0652eb968a4f097c26006a75f94548ee237989464f5620b86116dc9654fef7e49452d633
- SSDEEP
  
  24576:xkBGRu7kCvNuLJHCUgGZJkQqRX7usVzRxaiKwr/8jh80trwEuepKunr:6BerzgpKW/8jh86UEke
Score

10^/10

asyncrat default discovery rat stealerium collection persistence privilege_escalation stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Stealerium family
  stealerium
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratstealeriumdefaultcollectiondiscoverypersistenceprivilege_escalationratstealer

© 2018-2025

Terms | Privacy