asyncrat

General

Target

https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022/tree/main/Discord%20Image%20Token%20Password%20Grabber%20Exploit%20Cve%202022
Sample

221104-zrwbhschaq

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

WindowsDefenderSmarttScreen

C2

217.64.31.3:9742

Mutex

WindowsDefenderSmarttScreen

Attributes

delay
1
install
false
install_file
WindowsDefenderSmarttScreen.exe
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes

delay
3
install
false
install_file
System Guard Runtime
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

SecurityHealthServic

C2

20.8.122.174:31682

Mutex

SecurityHealthServic

Attributes

delay
3
install
false
install_file
SecurityHealthService
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

C2

217.64.31.3:8437

Mutex

DefenderSmartScren

Attributes

delay
3
install
false
install_file
SecurityHealtheurvice.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  https://github.com/RydeinGG/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022/tree/main/Discord%20Image%20Token%20Password%20Grabber%20Exploit%20Cve%202022
Score

10^/10

asyncrat redline defendersmartscren securityhealthservic system guard runtime windowsdefendersmarttscreen infostealer rat upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1