Description
AsyncRAT is designed to remotely monitor and control other computers.
https://anonfiles.com/L8keN1h0xa/ALL_IN_ONE_CHECKER_COLLECTION_zip
211230-k4b13sffh8
Family | asyncrat
Version | 1.0.7
Botnet | s33s4w
C2 | null:null
Attributes |
  anti_vm | false
  bsod | false
  delay | 1
  install | true
  install_file | chrome_update.exe
  install_folder | %AppData%
  pastebin_config | https://pastebin.com/raw/REMiDqQN
  aes.plain |

Family | quasar
Version | 1.4.0
Botnet | THJAY
C2 | s33s4wqsr-31933.portmap.host:31933
Attributes |
  encryption_key | 2138DB726B457D142BA520FA40476B7B3909D03A
  install_name | services.exe
  log_directory | Logs
  reconnect_delay | 3000
  startup_key | svhost
  subdirectory | svhost

Family | cobaltstrike
Botnet | 305419896
C2 | http://rerddrrdrd-45837.portmap.host:45837/dpixel
Attributes |
  access_type | 512
  host | rerddrrdrd-45837.portmap.host,/dpixel
  http_header1 | AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  http_header2 | AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  http_method1 | GET
  http_method2 | POST
  maxdns | 255
  polling_time | 60000
  port_number | 45837
  sc_process32 | %windir%\syswow64\rundll32.exe
  sc_process64 | %windir%\sysnative\rundll32.exe
  state_machine | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA+o3FnsObc9SVI8ZAwc36u7DwsV6UPyQpwMNghiyTj7R0UjoBFvLqcYd/JCGPyFzZWQF80PmH7EQ6cxpNKaeo/hMS0u2s6Kc2UV0SDI97XgAIt0A+41EUNTZ/IjxHTsLAkTwd7ebBEktQidwq7D7zfOJACaWQ70uDmPUudcHy7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1 | 4096
  unknown2 | AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri | /submit.php
  user_agent | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
  watermark | 305419896

Family | cobaltstrike
Botnet | 0
Attributes |
  watermark | 0

Family | redline
Botnet | cheat
C2 | s33s4wredline-50318.portmap.host:50318
Detected a malicious payload which is part of Cobalt Strike.
Malware from the Neshta family infects other files in order to spread itself and cause damage.
Quasar is an open source Remote Access Tool.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Looks up the country code configured in the registry, likely for geofencing.
Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.