AsyncRAT

Threat Scorecard

Popularity Rank: 5,468
Threat Level: 80% (High)
Infected Computers: 230
First Seen: February 6, 2019
Last Seen: January 23, 2026
Affected OS(es): Windows

AsyncRAT is a project that appears to have been developed for educational purposes, or at least that is what its creator claims on its GitHub page. AsyncRAT's code is publicly available on the GitHub page mentioned above. Once malware experts reviewed the code, it quickly became clear that AsyncRAT can serve as a very threatening tool if it falls into the hands of ill-intentioned people.

Capabilities

AsyncRAT is not very different from most existing RATs, but that does not make it any less threatening. This threat is capable of logging your keystrokes, as it has a keylogging module. This is usually used to collect login credentials and other confidential data. AsyncRAT can also record video through the webcam of the compromised system, as well as record audio using the microphone. This RAT also has an information-stealing feature, which lets AsyncRAT collect information from messaging services, web browsers and FTP clients. In addition, AsyncRAT can view, download and upload files on the infected PC, which means that it can not only collect copies of your files but also plant additional malware.

The real danger of AsyncRAT is not that it hides its capabilities, but the fact that its creator made this threat publicly available. This means that any ill-intentioned individual, even one with no technical skills at all, can use this threat to cause great damage to unsuspecting users. An even scarier scenario is imagining highly skilled cybercriminals taking AsyncRAT's code and reinforcing the threat to make it even more dangerous. It is time for users to realize that they need to take their cybersecurity very seriously, as threats like AsyncRAT lurk all over the Web. Download and install a genuine anti-spyware tool, which will keep threats like AsyncRAT under control and give you peace of mind.

Analysis Report

General Information

Family Name: Trojan.AsyncRAT
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name                Value
Assembly Version 1.4.1.0
Company Name microsoft
File Description windows
File Version 1.4.1.1
Internal Name microsoft
Legal Copyright microsoft
Legal Trademarks microsoft
Original Filename microsoft
Product Name microsoft
Product Version 1.4.1.0

File Traits

  • .NET
  • Run
  • x86

Block Information

Total Blocks: 14,560
Potentially Malicious Blocks: 308
Whitelisted Blocks: 14,252
Unknown Blocks: 0


Similar Families

  • MSIL.Mardom.SF
  • MSIL.Quasar.B
  • MSIL.Quasar.CA
  • MSIL.Quasar.CB
  • MSIL.Spy.RC
  • MSIL.Spy.RCB

Files Modified

File Attributes
c:\users\user\appdata\local\temp\rarsfx0\0c3ec305-c0b2-settingsmanager.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\0c3ec305-c0b2-settingsmanager.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926078 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\minecraftmodsphoto.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\minecraftmodsphoto.jpg Synchronize,Write Attributes

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResetWriteWatch
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
Other Suspicious
  • AdjustTokenPrivileges
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
