asyncrat | 5e1b238642a824af1333443f125f3e0e699768c9a33be81f899f65fecd4ba86f | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

74KB
Sample

250331-nd39es1lv9
MD5

8858177a6b8c6874dc44570c1d6e47ab
SHA1

e5692c7e3198378ef684dc4482599610bc8d1e60
SHA256

5e1b238642a824af1333443f125f3e0e699768c9a33be81f899f65fecd4ba86f
SHA512

92bfaf9d624c5c05cafff01fa9d21467e99f6f46455f2441e500e3f0f539be12b96968e1c7b96f9cca73141e1326476be58e9b3e7c0d2256685dc2ad55519876
SSDEEP

1536:qUsgcxbVzCt+PPMVme9VdQuDI6H1bf/264QzcWLVclN:qU5cxblTPPMVme9VdQsH1bfO64QvBY

Score

10^/10

asyncrat default discovery rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20250314-en

asyncrat default discovery rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

L838 RAT v1.0.0

Botnet

Default

Mutex

uhuhlilars

Attributes

delay
3
install
true
install_file
Windows Font Manager.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/rVJQPNVe

aes.plain

1
aH80go03G7u7RpRXMnK0AJsTmSPh5tgw

Targets

- Target
  
  Client.exe
- Size
  
  74KB
- MD5
  
  8858177a6b8c6874dc44570c1d6e47ab
- SHA1
  
  e5692c7e3198378ef684dc4482599610bc8d1e60
- SHA256
  
  5e1b238642a824af1333443f125f3e0e699768c9a33be81f899f65fecd4ba86f
- SHA512
  
  92bfaf9d624c5c05cafff01fa9d21467e99f6f46455f2441e500e3f0f539be12b96968e1c7b96f9cca73141e1326476be58e9b3e7c0d2256685dc2ad55519876
- SSDEEP
  
  1536:qUsgcxbVzCt+PPMVme9VdQuDI6H1bf/264QzcWLVclN:qU5cxblTPPMVme9VdQsH1bfO64QvBY
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoveryrat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.