General
-
Target
test.ps1.bin
-
Size
265KB
-
Sample
220613-ylpq4saddr
-
MD5
f37a509baeac04efc86fc3eccfac1ad8
-
SHA1
abc41d2ea340e28776be1a28de2f5b60dc23b72a
-
SHA256
3874b85080f406245c01ad0ee4c758219e83fdf69299dcefffd75a6e47f5c462
-
SHA512
1aa38186d6c98bc6d2018386184185195dc23e8a7bf812fdc899fe1163d3978afd4ce437fb94b81396d7c638f19471cc0fc5e0e0cf4c8b4e2f6c957917a69b2f
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
$$$$
cdtpitbull.hopto.org:7707
cdtpitbull.hopto.org:4404
cdtpitbull.hopto.org:5505
cdtpitbull.hopto.org:3303
cdtpitbull.hopto.org:2222
chromedata.accesscam.org:7707
chromedata.accesscam.org:4404
chromedata.accesscam.org:5505
chromedata.accesscam.org:3303
chromedata.accesscam.org:2222
datacontrol.ddns.net:7707
datacontrol.ddns.net:4404
datacontrol.ddns.net:5505
datacontrol.ddns.net:3303
datacontrol.ddns.net:2222
cdt2023.ddns.net:7707
cdt2023.ddns.net:4404
cdt2023.ddns.net:5505
cdt2023.ddns.net:3303
cdt2023.ddns.net:2222
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
DesbravadorUpdata.exe
-
install_folder
%AppData%
Targets
-
-
Target
test.ps1.bin
-
Size
265KB
-
MD5
f37a509baeac04efc86fc3eccfac1ad8
-
SHA1
abc41d2ea340e28776be1a28de2f5b60dc23b72a
-
SHA256
3874b85080f406245c01ad0ee4c758219e83fdf69299dcefffd75a6e47f5c462
-
SHA512
1aa38186d6c98bc6d2018386184185195dc23e8a7bf812fdc899fe1163d3978afd4ce437fb94b81396d7c638f19471cc0fc5e0e0cf4c8b4e2f6c957917a69b2f
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Suspicious use of SetThreadContext
-