asyncrat | 281ce7db7e9338e11241437e9b4c980506a2dee645438b2f29e395d278b03995 | Triage

Submit
Reports

Overview

overview

Static

static

5

Liberium2.1.exe

windows7-x64

Liberium2.1.exe

windows10-2004-x64

Sharing

General

Target

Liberium2.1.exe
Size

6.3MB
Sample

250329-w1tx9sztg1
MD5

ccfdfb92db45d64ac2ef0daf3751f362
SHA1

79915d8c61f9f44f2211a269e949dc6aa11c1448
SHA256

281ce7db7e9338e11241437e9b4c980506a2dee645438b2f29e395d278b03995
SHA512

c4816f347a3aee1b77ddcd31529019458597d9b6d1c297c3bf7ec14bfb9cb25ceaf01469eb2ed3f8bd636e0160da476728a84cf0f5e7ab4d5822809402eff41f
SSDEEP

196608:FRofnQF79aM5Gv8+VkY6ID5NwbEWWvXHQoiTIPa:FCQF75S3kY6IKEWWPqN

Score

10^/10

asyncrat quasar venomrat default github discovery persistence rat spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Liberium2.1.exe

Resource

win7-20240903-en

asyncrat quasar venomrat default github discovery persistence rat spyware trojan

windows7-x64

31 signatures

150 seconds

Behavioral task

behavioral2

Sample

Liberium2.1.exe

Resource

win10v2004-20250313-en

asyncrat quasar venomrat default github discovery persistence rat spyware trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

GitHub

C2

127.0.0.1:10000

127.0.0.1:650

domain13.ddns.net:10000

domain13.ddns.net:650

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

1
YpbHgt4DSEf63OdVqTCzwSfuJ9xCXag2

Extracted

Family

quasar

Version

1.4.1

Botnet

GitHub

C2

domain13.ddns.net:650

Mutex

21b27c61-8944-4615-8ab6-b84be8f39d71

Attributes

encryption_key
845C5D60A275826BC650C718626063CA6657034B
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost.exe
subdirectory
java JDK 8

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

mer)/bjvoerf&%cwno

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%Temp%
pastebin_config
https://pastebin.com/raw/q6cqRVgM

aes.plain

1
9EVbz1bwajzvqhgWCrlOLI2b3F9Iuef2

Targets

- Target
  
  Liberium2.1.exe
- Size
  
  6.3MB
- MD5
  
  ccfdfb92db45d64ac2ef0daf3751f362
- SHA1
  
  79915d8c61f9f44f2211a269e949dc6aa11c1448
- SHA256
  
  281ce7db7e9338e11241437e9b4c980506a2dee645438b2f29e395d278b03995
- SHA512
  
  c4816f347a3aee1b77ddcd31529019458597d9b6d1c297c3bf7ec14bfb9cb25ceaf01469eb2ed3f8bd636e0160da476728a84cf0f5e7ab4d5822809402eff41f
- SSDEEP
  
  196608:FRofnQF79aM5Gv8+VkY6ID5NwbEWWvXHQoiTIPa:FCQF75S3kY6IKEWWPqN
Score

10^/10

asyncrat quasar venomrat default github discovery persistence rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Async RAT payload
  rat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarvenomratdefaultgithubdiscoverypersistenceratspywaretrojan

behavioral2

asyncratquasarvenomratdefaultgithubdiscoverypersistenceratspywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.