General
Static task: static1
URLScan task: urlscan1
Sample: http://13.78.209.105/D/Servers/AsyncClient.exe
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2:
- asyncmoney.duckdns.org:7829
- asyncmoney.duckdns.org:7840
- asyncmoney.duckdns.org:7841
- asyncmoney.duckdns.org:7842
Mutex: AsyncMutex_6SI8OkPnk
Attributes
- anti_vm: false
- bsod: false
- delay: 3
- install: false
- install_folder: %AppData%
- pastebin_config: null
aes.plain
Targets
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE