General
Target: New Text Document.txt
Size: 211B
Sample: 240508-k16fhsfd42
MD5: ab792943e8199361fd3e9fbc083c4cae
SHA1: 2359401e23adce22075295db3535d84041aafeea
SHA256: 8c4ccacd4287b5666ef559ef8ecc3cdb6bf51abfaf1b66532eaabb340eed9dca
SHA512: 58fba50dcc76903d0aac4cf0f119dfc0d0eddf1cd2a3cb80c99bd378ef254b5c3ebe61bd0d542360bb7836e39db4454796511d113b35485b5e47b14e95e46918
Static task: static1
Behavioral task: behavioral1
Sample: New Text Document.txt
Resource: win10-20240404-en
Malware Config

Extracted
Family: asyncrat
Version: | CRACKED BY https://t.me/xworm_v2
Botnet: Google Chrome
C2: 51.103.217.70:8585
Mutex: Google Chrome
delay: 3
install: false
install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: MetaMask
C2: 51.103.217.70:6677
Mutex: MetaMask
delay: 3
install: false
install_folder: %AppData%

Extracted
Family: asyncrat
Version: | CRACKED BY https://t.me/xworm_v2
Botnet: Windows Defender
C2: 51.103.217.70:8585
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Expoler
C2: 51.103.217.70:6677
Mutex: Expoler
delay: 3
install: false
install_folder: %AppData%
Targets
Target: New Text Document.txt
- Detect ZGRat V1
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Uses the VBS compiler for execution
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext