asyncrat

General

Target

Downloads.exe
Size

3.6MB
Sample

250331-cdy4xs1va1
MD5

d07a0825045c8467fee83e2b668e944c
SHA1

bff086232a40763ee1f6cf075bfa3626e7ecdf51
SHA256

89ec0cb73afbc666af8de174d6480611875e92a07fc38232bc41a0c63a3b0e89
SHA512

358da591a1176bb6258b41da4b095eef17186bd353c2852aeccce56d6cfc57ab812027cd2851b7b6f89b5dcbabc577289635e3e5dd354fd12a736a3f9a313f91
SSDEEP

98304:zzAu7vg+PONHdBcMyuNFBAkHOZhRaHPnIOMojlQjR9Zs1mIxYl2qq:zzAuTgKqHd1xshEPhHRaTa1jYl2qq

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

102.41.58.213:5505

Mutex

1e97a2db-0622-4c39-84ac-2f640c70aaf5

Attributes

encryption_key
1F6CCF154B4C85A58D675CA9A482E9C7A041C879
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

197.48.105.157:5505

41.233.14.164:5505

197.48.230.161:5505

102.41.58.213:5505

Mutex

RW4mawavalFO

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Downloads.exe
- Size
  
  3.6MB
- MD5
  
  d07a0825045c8467fee83e2b668e944c
- SHA1
  
  bff086232a40763ee1f6cf075bfa3626e7ecdf51
- SHA256
  
  89ec0cb73afbc666af8de174d6480611875e92a07fc38232bc41a0c63a3b0e89
- SHA512
  
  358da591a1176bb6258b41da4b095eef17186bd353c2852aeccce56d6cfc57ab812027cd2851b7b6f89b5dcbabc577289635e3e5dd354fd12a736a3f9a313f91
- SSDEEP
  
  98304:zzAu7vg+PONHdBcMyuNFBAkHOZhRaHPnIOMojlQjR9Zs1mIxYl2qq:zzAuTgKqHd1xshEPhHRaTa1jYl2qq
Score

10^/10

asyncrat quasar umbral xmrig default office04 miner rat spyware stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Detect Umbral payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Async RAT payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Asyncrat family

Detect Umbral payload

Quasar RAT

Quasar family

Quasar payload

Umbral

Umbral family

XMRig Miner payload

Xmrig family

xmrig

Async RAT payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2