asyncrat | 1942639c541470539b15b8fea26b1a02b2182ced0f42f22af143c5170bb01cc6 | Triage

Submit
Reports

Overview

overview

Static

static

3

Downloads.exe

windows7-x64

Downloads.exe

windows10-2004-x64

1

Sharing

General

Target

Downloads.exe
Size

30.0MB
Sample

250331-aramday1e1
MD5

ec06a1b0ea6f4debdc9778b59b63ec30
SHA1

9d40cf615c4d9f4c21b892fa5506a8f852cb3e1d
SHA256

1942639c541470539b15b8fea26b1a02b2182ced0f42f22af143c5170bb01cc6
SHA512

d62b9c59d933cda1879fd00d997deb60b952c1573d385638306ecdfdb8604aae56fcc0437566818b688fa694769948b4b8cadcb33e7bce98e69f15f753d973b6
SSDEEP

786432:zuTAzEyI4EETMmFxGF3khP1kGYJh5WcR0SGnCP+W:Rf3QUGUPCJnWqDP+W

Score

10^/10

asyncrat quasar default office04 discovery pyinstaller rat spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Downloads.exe

Resource

win7-20240903-en

asyncrat quasar default office04 discovery pyinstaller rat spyware trojan upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Downloads.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

102.41.58.213:5505

Mutex

1e97a2db-0622-4c39-84ac-2f640c70aaf5

Attributes

encryption_key
1F6CCF154B4C85A58D675CA9A482E9C7A041C879
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

197.48.105.157:5505

41.233.14.164:5505

197.48.230.161:5505

102.41.58.213:5505

Mutex

q0nJ1vo1fsSD

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Downloads.exe
- Size
  
  30.0MB
- MD5
  
  ec06a1b0ea6f4debdc9778b59b63ec30
- SHA1
  
  9d40cf615c4d9f4c21b892fa5506a8f852cb3e1d
- SHA256
  
  1942639c541470539b15b8fea26b1a02b2182ced0f42f22af143c5170bb01cc6
- SHA512
  
  d62b9c59d933cda1879fd00d997deb60b952c1573d385638306ecdfdb8604aae56fcc0437566818b688fa694769948b4b8cadcb33e7bce98e69f15f753d973b6
- SSDEEP
  
  786432:zuTAzEyI4EETMmFxGF3khP1kGYJh5WcR0SGnCP+W:Rf3QUGUPCJnWqDP+W
Score

10^/10

asyncrat quasar default office04 discovery pyinstaller rat spyware trojan upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Async RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasardefaultoffice04discoverypyinstallerratspywaretrojanupx

behavioral2

© 2018-2025

Terms | Privacy