asyncrat | 002a936cc181ea7e45b5f441d90cfe633a9ba5abece878a789163ca2ef992374 | Triage

Submit
Reports

Overview

overview

Static

static

AntonsFile.exe

windows11-21h2-x64

Sharing

General

Target

AntonsFile.exe
Size

47KB
Sample

250221-sqylxstpgw
MD5

cf2ca438000d1b1eb52027e072633348
SHA1

225a0741c9cb1cdddd12dfad6895bb91bb218712
SHA256

002a936cc181ea7e45b5f441d90cfe633a9ba5abece878a789163ca2ef992374
SHA512

6c12d644711ac63005dfc958c69a7e5b842d1e66ae23d8f60373a171572398f73187197f1f480222469dfa371f1a6baea65c5189bbf8e4a593db0e0e907a1396
SSDEEP

768:EuQItT/QUscWUCezGmo2q8tULTWm3oPPIH+Lmo6d3bWBGMxJUzbK7ZhVgQ2MBDZ5:EuQItT/Lm2aTrteLYbWMMbUzbUTgQfd5

Score

10^/10

asyncrat discordrat default discovery execution persistence rat rootkit stealer

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

AntonsFile.exe

Resource

win11-20250217-en

asyncrat discordrat default discovery execution persistence rat rootkit stealer

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

77.100.63.251:5631

Mutex

wPgAGvV1528Y

Attributes

delay
3
install
true
install_file
G.exe
install_folder
%AppData%

aes.plain

Extracted

Family

discordrat

Attributes

discord_token
MTMzNTM2MTY5MTk5OTAxMDgxNg.GtNU3a.zcxe-6PV115CQATEk1hTCU9X-rMD_KNVmCqxEM
server_id
1300562615369732158

Targets

- Target
  
  AntonsFile.exe
- Size
  
  47KB
- MD5
  
  cf2ca438000d1b1eb52027e072633348
- SHA1
  
  225a0741c9cb1cdddd12dfad6895bb91bb218712
- SHA256
  
  002a936cc181ea7e45b5f441d90cfe633a9ba5abece878a789163ca2ef992374
- SHA512
  
  6c12d644711ac63005dfc958c69a7e5b842d1e66ae23d8f60373a171572398f73187197f1f480222469dfa371f1a6baea65c5189bbf8e4a593db0e0e907a1396
- SSDEEP
  
  768:EuQItT/QUscWUCezGmo2q8tULTWm3oPPIH+Lmo6d3bWBGMxJUzbK7ZhVgQ2MBDZ5:EuQItT/Lm2aTrteLYbWMMbUzbUTgQfd5
Score

10^/10

asyncrat discordrat default discovery execution persistence rat rootkit stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Async RAT payload
  rat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdiscordratdefaultdiscoveryexecutionpersistenceratrootkitstealer

© 2018-2025

Terms | Privacy