asyncrat | dd68a4a8e4d269d9a785c02a5c8c65813007f8a0c2762a06e9069ff7f77739b0 | Triage

Submit
Reports

Overview

overview

Static

static

3

merged.exe

windows7-x64

merged.exe

windows10-2004-x64

Sharing

General

Target

merged.exe
Size

30.0MB
Sample

250331-astfway1hv
MD5

1828b02b97d21e257f5f31fba43c92e9
SHA1

35d8309d87dc1abab6f1c808f5753960cdc50c04
SHA256

dd68a4a8e4d269d9a785c02a5c8c65813007f8a0c2762a06e9069ff7f77739b0
SHA512

36370eaaf8af10fce118e929d12f21287ba1e2d8d777d09b2e5041cb1dd9ebce254935354f15a39b12f008c92ca29dc4a9e78992f26dc4b5d04a31104daa0a1c
SSDEEP

786432:imFxGF3khP1kGYJh5WcR0SGnCP+BuTAzEyI4EETn:iUGUPCJnWqDP+3f3j

Score

10^/10

asyncrat quasar default office04 discovery execution pyinstaller rat spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

merged.exe

Resource

win7-20240903-en

asyncrat quasar default office04 discovery pyinstaller rat spyware trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

merged.exe

Resource

win10v2004-20250314-en

asyncrat default discovery execution pyinstaller rat upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

102.41.58.213:5505

Mutex

1e97a2db-0622-4c39-84ac-2f640c70aaf5

Attributes

encryption_key
1F6CCF154B4C85A58D675CA9A482E9C7A041C879
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

197.48.105.157:5505

41.233.14.164:5505

197.48.230.161:5505

102.41.58.213:5505

Mutex

q0nJ1vo1fsSD

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  merged.exe
- Size
  
  30.0MB
- MD5
  
  1828b02b97d21e257f5f31fba43c92e9
- SHA1
  
  35d8309d87dc1abab6f1c808f5753960cdc50c04
- SHA256
  
  dd68a4a8e4d269d9a785c02a5c8c65813007f8a0c2762a06e9069ff7f77739b0
- SHA512
  
  36370eaaf8af10fce118e929d12f21287ba1e2d8d777d09b2e5041cb1dd9ebce254935354f15a39b12f008c92ca29dc4a9e78992f26dc4b5d04a31104daa0a1c
- SSDEEP
  
  786432:imFxGF3khP1kGYJh5WcR0SGnCP+BuTAzEyI4EETn:iUGUPCJnWqDP+3f3j
Score

10^/10

asyncrat quasar default office04 discovery pyinstaller rat spyware trojan upx execution
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasardefaultoffice04discoverypyinstallerratspywaretrojanupx

behavioral2

asyncratdefaultdiscoveryexecutionpyinstallerratupx

© 2018-2025

Terms | Privacy