asyncrat

Sharing

General

Target

https://docs.google.com/uc?export=download&id=1y2UoIwd7m-LShRwsg1LE4wpX7fgxo0UG
Sample

241029-vdwmxawkft

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Language

ps1

Source

URLs

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Family

asyncrat

Version

1.0.7

Botnet

octubre22

manuelmorenomanuel1234.duckdns.org:2024

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

octubre22

manuelmorenomanuel123.duckdns.org:2025

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

carlitosmoreno1794.duckdns.org:2019

Mutex

bde06c84e1de4b23b

Attributes

reg_key
bde06c84e1de4b23b
splitter
@!#&^%$

Extracted

Family

remcos

Botnet

RemoteHost

carlitosmoreno1792.duckdns.org:2016

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
keylog_crypt
false
keylog_file
registros.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-ZOL3YD
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Capturas de pantalla
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Extracted

Family

wshrat

http://peinadorafael779.duckdns.org:2015

Targets

- Target
  
  https://docs.google.com/uc?export=download&id=1y2UoIwd7m-LShRwsg1LE4wpX7fgxo0UG
Score

10^/10

asyncrat njrat remcos wshrat nyan cat octubre22 remotehost defense_evasion discovery evasion execution persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Njrat family
  njrat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- UAC bypass
  evasion trojan
- WSHRAT
  WSHRAT is a variant of Houdini worm and has vbs and js variants.
  trojan wshrat
- WSHRAT payload
- Wshrat family
  wshrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1