asyncrat

General

Target

https://github.com/TakashVision/Discord-Advanced-Token-Grabber-V1-Wallet-Password-Cookies-More
Sample

240602-t1q59sgf6x

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Google Chrome

C2

51.103.217.70:8585

Mutex

Google Chrome

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Windows Defender

C2

51.103.217.70:8585

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

MetaMask

C2

51.103.217.70:6677

Mutex

MetaMask

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Expoler

C2

51.103.217.70:6677

Mutex

Expoler

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  https://github.com/TakashVision/Discord-Advanced-Token-Grabber-V1-Wallet-Password-Cookies-More
Score

10^/10

asyncrat expoler google chrome metamask windows defender persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1