Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: New MSY
C2
windows11.loseyourip.com:6606
windows11.loseyourip.com:7707
windows11.loseyourip.com:8808
windows11.loseyourip.com:4747
Mutex: AsyncMutex_6SI8OkPnl
Attributes
delay: 3
install: false
install_folder: %AppData%
aes.plain
Targets
Detect ZGRat V1
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory
Suspicious use of SetThreadContext