asyncrat | bc5d0c784ccc8c455b30a7c793511e4d702d00f4f8003da5f603c0b4ace22c9a | Triage

Submit
Reports

Overview

overview

Static

static

AsyncClient.exe

windows10-2004-x64

AsyncClient.exe

windows11-21h2-x64

Sharing

General

Target

AsyncClient.exe
Size

88KB
Sample

240703-l1823s1eqr
MD5

253a8c072df4c5a81da1c88eb2378ac1
SHA1

9cac2c633ff7fc9da16593b92db269ca38082b32
SHA256

bc5d0c784ccc8c455b30a7c793511e4d702d00f4f8003da5f603c0b4ace22c9a
SHA512

19ef5c01ffe342f941fb7934a95083bdd2940646ebb374f3e2a75f8bad25c38ef9a271abe33cc02ae32cbf74c97f4912ed185f291e42e8dc635e849cdddff202
SSDEEP

1536:xu6BdTAur2yobJzdF4ym4bTFTzGQrI5byDJdSfCPw4:xu6PTAur2yobJzdF4v4bTtzLk5ODJ8fu

Score

10^/10

asyncrat default rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

AsyncClient.exe

Resource

win10v2004-20240611-en

asyncrat default rat

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

AsyncClient.exe

Resource

win11-20240508-en

asyncrat default rat

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

Mutex

WarpDancer

Attributes

delay
3
install
true
install_file
Zirael.exe
install_folder
%Temp%
pastebin_config
httphs://pastebin.com/raw/s14cUU5G

aes.plain

Targets

- Target
  
  AsyncClient.exe
- Size
  
  88KB
- MD5
  
  253a8c072df4c5a81da1c88eb2378ac1
- SHA1
  
  9cac2c633ff7fc9da16593b92db269ca38082b32
- SHA256
  
  bc5d0c784ccc8c455b30a7c793511e4d702d00f4f8003da5f603c0b4ace22c9a
- SHA512
  
  19ef5c01ffe342f941fb7934a95083bdd2940646ebb374f3e2a75f8bad25c38ef9a271abe33cc02ae32cbf74c97f4912ed185f291e42e8dc635e849cdddff202
- SSDEEP
  
  1536:xu6BdTAur2yobJzdF4ym4bTFTzGQrI5byDJdSfCPw4:xu6PTAur2yobJzdF4v4bTtzLk5ODJ8fu
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy