asyncrat | 33f30f4d6e8cd97f6bf5a1224dbcaf7927c0745ddb867174806bd56ed1963ac3 | Triage

Submit
Reports

Overview

overview

Static

static

3

Downloads.exe

windows7-x64

Downloads.exe

windows10-2004-x64

Sharing

General

Target

Downloads.exe
Size

1.6MB
Sample

250331-dtmaqsssez
MD5

5b932b7539c1c070a3c4bcc36b17ee76
SHA1

c97e12d44f6ba85e9f8de6c25c364ab70a583c41
SHA256

33f30f4d6e8cd97f6bf5a1224dbcaf7927c0745ddb867174806bd56ed1963ac3
SHA512

294f30708cc1f4f52300648fcc83e2de4a796434383c6121cf92fea2cbbdfe9746dcb7c23c64a907c78afe10a6ebb561ec81c84fa81e18dcdf8aff5d866f1dd2
SSDEEP

24576:jngHKYfXTkXy0Z0UplrOlyyXEwlKhgoCY9X8jOlC3rocE/0sED5cHI:zgqKIXzr7OMoBlKRCgvA5P

Score

10^/10

asyncrat quasar umbral default office04 discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Downloads.exe

Resource

win7-20240903-en

asyncrat quasar umbral default office04 discovery rat spyware stealer trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

Downloads.exe

Resource

win10v2004-20250314-en

asyncrat quasar umbral default office04 discovery rat spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

102.41.58.213:5505

Mutex

1e97a2db-0622-4c39-84ac-2f640c70aaf5

Attributes

encryption_key
1F6CCF154B4C85A58D675CA9A482E9C7A041C879
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

197.48.105.157:5505

41.233.14.164:5505

197.48.230.161:5505

102.41.58.213:5505

Mutex

RW4mawavalFO

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Downloads.exe
- Size
  
  1.6MB
- MD5
  
  5b932b7539c1c070a3c4bcc36b17ee76
- SHA1
  
  c97e12d44f6ba85e9f8de6c25c364ab70a583c41
- SHA256
  
  33f30f4d6e8cd97f6bf5a1224dbcaf7927c0745ddb867174806bd56ed1963ac3
- SHA512
  
  294f30708cc1f4f52300648fcc83e2de4a796434383c6121cf92fea2cbbdfe9746dcb7c23c64a907c78afe10a6ebb561ec81c84fa81e18dcdf8aff5d866f1dd2
- SSDEEP
  
  24576:jngHKYfXTkXy0Z0UplrOlyyXEwlKhgoCY9X8jOlC3rocE/0sED5cHI:zgqKIXzr7OMoBlKRCgvA5P
Score

10^/10

asyncrat quasar umbral default office04 discovery rat spyware stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Detect Umbral payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarumbraldefaultoffice04discoveryratspywarestealertrojan

behavioral2

asyncratquasarumbraldefaultoffice04discoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy