Cotação de desconto para licenças múltiplas

Mudar de região

English Português
Banco de Dados de Ameaças Ferramentas de Administração Remota AsyncRAT

AsyncRAT

Por GoldSparrow em Ferramentas de Administração Remota
Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank: 3,788
Nível da Ameaça: 80 % (Alto)
Computadores infectados: 263
Visto pela Primeira Vez: February 6, 2019
Visto pela Última Vez: February 24, 2026
SO (s) Afetados: Windows

O AsyncRAT é um projeto que parece ter sido desenvolvido com propósitos educacionais, ou pelo menos é o que seu criador está reivindicando na sua página do GitHub. O código do AsyncRAT está disponível publicamente na página do GitHub mencionada anteriormente. Uma vez que os especialistas em malware revisaram o código, rapidamente ficou claro que o AsyncRAT pode servir como uma ferramenta muito ameaçadora se cair nas mãos de pessoas mal-intencionadas.

Capacidades

O AsyncRAT não é muito diferente da maioria dos RATs existentes, mas isso não o torna menos ameaçador. Essa ameaça é capaz de registrar as suas teclas, pois possui um módulo de keylogging. Isso geralmente é usado para coletar credenciais de login e outros dados confidenciais. O AsyncRAT também pode gravar vídeo através da webcam no sistema comprometido, bem como gravar áudios usando o microfone. Esse RAT também possui um recurso de roubo de informações, que permite que o AsyncRAT colete informações de serviços de mensagens, navegadores da Web e clientes FTP. Além disso, o AsyncRAT pode visualizar, baixar e fazer upload de arquivos no PC infectado, o que significa que ele pode não apenas coletar cópias dos seus arquivos, mas também plantar malwares adicionais.

O perigo real do AsyncRAT não é porque ele oculta as suas capacidades, mas o fato de que o seu criador disponibilizou publicamente essa ameaça. Isso significa que qualquer indivíduo mal-intencionado, mesmo aqueles com habilidades técnicas nulas, podem usar essa ameaça para causar grandes danos aos usuários desavisados. Um cenário ainda mais assustador é quando imaginamos que criminosos cibernéticos altamente qualificados podem usar o código do AsyncRAT e reforçar a ameaça para torná-la ainda mais ameaçadora. É hora dos usuários perceberem que precisam levara sua segurança cibernética muito a sério, pois ameaças como o AsyncRAT estão à espreita em toda a Web. Baixe e instale uma ferramenta anti-spyware genuína, que manterá as ameaças como o AsyncRAT sob controle e lhe darão tranqüilidade.

Relatório de análise

Informação geral

Family Name: Trojan.AsyncRAT
Signature status: No Signature

Known Samples

MD5: 5a6d4e07856b64b15a5640c15315a601
SHA1: 4314859fa3713e2a74627b4ffa1b543847c0b918
SHA256: 5BA402708E936DB5C17F165C94EBB11EF459F472CBF32AAB8E5B6704860E5F9B
Tamanho do Arquivo: 1.42 MB, 1421253 bytes
MD5: 6b0ad984a7622e1fae72db821b65fe8c
SHA1: a40696bc65d1967fd4fa359f2873eaf18ca8162f
SHA256: AA643736F8D14995E3D175AEA01C10DD5CA69355BCFF218000A281344A834E45
Tamanho do Arquivo: 3.33 MB, 3333120 bytes
MD5: 6891ad64be276d61bbc2f903b99c0360
SHA1: 43b139bb7972cbf5101ebd0c397b157e438230f4
SHA256: 8A7BC99E972221F1AFA4024789EC0F3F23875AFC250BD1D41DA26D7DF75AF17C
Tamanho do Arquivo: 3.27 MB, 3265536 bytes
MD5: 3dd5c4df8024954b7cf424e170baf7af
SHA1: 11c6d66bcd54a3fb8a3dd93f001492e88de25187
SHA256: 8CDB00E3E157F21A13E73DD32F04C1A110C4A54BFB2B705DC9878EDC3490E525
Tamanho do Arquivo: 3.27 MB, 3265536 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Nome Valor
Assembly Version 1.4.1.0
Company Name microsoft
File Description
  • Quasar Client
  • windows
File Version
  • 1.4.1.1
  • 1.4.1
Internal Name
  • Client.exe
  • microsoft
Legal Copyright
  • Copyright © MaxXor 2023
  • microsoft
Legal Trademarks microsoft
Original Filename
  • Client.exe
  • microsoft
Product Name
  • microsoft
  • Quasar
Product Version
  • 1.4.1.0
  • 1.4.1

File Traits

  • .NET
  • Run
  • x86

Block Information

Total Blocks: 14,560
Potentially Malicious Blocks: 307
Whitelisted Blocks: 14,252
Unknown Blocks: 1

Visual Map

x x x x 0 0 x x x x x x x 0 0 0 x 0 x x 0 x x x 0 x x 0 x x x x 0 x x x 0 x x x x x x x x x x x x x x 0 0 x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x 0 x x x 0 x x x 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x x x x x x x x x x x 0 x 0 x x x x 0 0 0 0 0 x x x x x 0 x x x x x x x x x 0 x 0 x 0 0 0 0 x 0 0 x x 0 0 x x x x x x x x x x x 0 x x x x x 0 0 0 x 0 0 x 0 0 0 0 x 0 x x 0 0 x 0 x x x x 0 x 0 0 x x x 0 x x x x x x 0 x 0 x x x x 0 0 x x 0 0 x 0 0 x x x x x 0 x 0 0 0 0 x x x x x x x x x x x x 0 0 0 0 x x x x x x x x 0 x x x x x x x x 0 x x x x 0 x x x 0 x x x x x x x x x x 0 x x x 0 x x x 0 x 0 x x 0 x x x x 0 x x x x x 0 x x 0 0 0 x 0 0 0 0 x 0 0 x x x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x x x x 0 0 x x x x 0 x x x x 0 x 0 0 x 0 x 0 0 0 x x 0 x 0 x 0 0 0 0 x x x x 0 0 0 x x x x 0 0 0 0 x 0 0 x x 0 x x 0 x x x x 0 x x x x 0 x x 0 x x x x 0 x 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Mardom.SF
  • MSIL.Quasar.B
  • MSIL.Quasar.CA
  • MSIL.Quasar.CB
  • MSIL.Spy.RC
Show More
  • MSIL.Spy.RCB

Files Modified

File Attributes
c:\users\user\appdata\local\temp\rarsfx0\0c3ec305-c0b2-settingsmanager.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\0c3ec305-c0b2-settingsmanager.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926078 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\minecraftmodsphoto.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\minecraftmodsphoto.jpg Synchronize,Write Attributes

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
Show More
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResetWriteWatch
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
Other Suspicious
  • AdjustTokenPrivileges
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext

Tendendo

American Express - Golpe por e-mail: Atualização de...

Phishing, Spam
Manter-se vigilante ao lidar com e-mails inesperados é essencial no ambiente digital atual. Criminosos cibernéticos frequentemente se fazem passar por marcas confiáveis para enganar os destinatários e obter informações confidenciais. O chamado golpe do e-mail "American Express - Atualização de Acesso à Conta Necessária" é um exemplo desse tipo de campanha de phishing. Esses e-mails não estão...

Mais visto

Carregando...