General
Target: b61d9cae70fcb7e27d7a95718dbf0bd8f2d8794d9e35adfeb6d6a61305561c6b
Size: 1.1MB
Sample: 241125-rdrr6szpcy
MD5: 27f646f3b6591f9f7df3fa65d0b2e2f3
SHA1: 92d089ea1704882148c68447c94a4cc76760d8cb
SHA256: b61d9cae70fcb7e27d7a95718dbf0bd8f2d8794d9e35adfeb6d6a61305561c6b
SHA512: 54279545b48e98dd37f1fcb960ccc00fc4e1a41947da49d34ee63b7ff1a834b55169419c4e4c0a29295bf40e92df2cc55037053bfbe7553978caac932d118101
SSDEEP: 24576:waZwl60+T/zNewASB8qKX2nyoIDQ2PPTcONWpDey7iI6AWlhA+D2OWygEFA+iL2+:WaT/zvAStyoIDQ2PPTcONWpDey7iIXWA
Static task: static1
Behavioral task: behavioral1
Sample: b61d9cae70fcb7e27d7a95718dbf0bd8f2d8794d9e35adfeb6d6a61305561c6b.exe
Resource: win7-20241010-en
Malware Config

Extracted: asyncrat
Version: 1.0.7
Botnet: NOV19
C2: notificacionpdf.duckdns.org:8010
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%

Extracted: asyncrat
Version: | Edit 3LOSH RAT
Botnet: Default
C2: oooptesg.duckdns.org:8020
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%

Extracted: njrat
Version: 0.7.3
Botnet: Lime
C2: gfhgfjfrur.duckdns.org:8031
Mutex: Client.exe
reg_key: Client.exe
splitter: 1234

Note: all three C2 endpoints are DuckDNS dynamic-DNS hostnames, so the resolved IPs can change at any time; hunt on the hostnames and ports, not on IPs captured during the sandbox run. Both asyncrat configs have install set to false, so their own installer/persistence branch is not taken; the njrat config carries a reg_key (Client.exe), which is the Run value name njRAT uses for persistence.
Targets

Target: b61d9cae70fcb7e27d7a95718dbf0bd8f2d8794d9e35adfeb6d6a61305561c6b (same file as under General; hashes and SSDEEP listed there)

Signatures:
Asyncrat family
Njrat family
Adds Run key to start application (consistent with the njrat reg_key Client.exe above; the asyncrat configs have install false)
Suspicious use of SetThreadContext (setting the context of a thread in another process is a common step in process hollowing and thread hijacking, so expect the RAT payloads to run inside a hollowed host process rather than as the dropped file itself)
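The extracted configs and the signature list above are most useful once turned into hunting artifacts. The following is an added example (not part of the sandbox report and not tooling from the sandbox vendor) that parses the three configs, validates the C2 endpoints, flags mutex names that are known public-builder defaults, derives the Run value name the persistence signature implies, and emits Suricata DNS-query rules for the C2 hostnames. The config text is constructed from the values on this page; the field labels (family, version, botnet, c2, mutex), the sid range and the "known default mutex" table are assumptions of this example.

```python
"""Turn sandbox-extracted RAT configs into hunting artifacts (added example)."""
import re

# Constructed from the report's Malware Config section; field labels are an assumption.
EXTRACTED_CONFIGS = """\
family: asyncrat
version: 1.0.7
botnet: NOV19
c2: notificacionpdf.duckdns.org:8010
mutex: DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%

family: asyncrat
version: | Edit 3LOSH RAT
botnet: Default
c2: oooptesg.duckdns.org:8020
mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%

family: njrat
version: 0.7.3
botnet: Lime
c2: gfhgfjfrur.duckdns.org:8031
mutex: Client.exe
reg_key: Client.exe
splitter: 1234
"""

# Mutex names that ship as defaults in public RAT builders; a match says
# "unmodified builder output", not "this specific campaign".
KNOWN_DEFAULT_MUTEXES = {
    "AsyncMutex_6SI8OkPnk": "AsyncRAT default",
    "DcRatMutex_qwqdanchun": "DcRat default",
}


def parse_configs(text):
    """Split 'key: value' blocks (blank-line separated) into one dict per config."""
    configs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        cfg = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if not sep:
                raise ValueError(f"malformed config line: {line!r}")
            cfg[key.strip()] = value  # value kept verbatim, e.g. "| Edit 3LOSH RAT"
        configs.append(cfg)
    return configs


def parse_c2(c2):
    """Split host:port; the string is attacker-controlled, so validate the port."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad c2 endpoint: {c2!r}")
    return host.lower(), int(port)


def build_iocs(configs):
    """Collect C2 endpoints, dynamic-DNS hosts, mutexes and expected Run values."""
    iocs = {"c2": [], "dyndns_hosts": set(), "mutexes": [], "run_key_values": []}
    for cfg in configs:
        host, port = parse_c2(cfg["c2"])
        iocs["c2"].append((cfg["family"], host, port))
        if host.endswith(".duckdns.org"):  # dynamic DNS: hunt on the name, not the IP
            iocs["dyndns_hosts"].add(host)
        mutex = cfg.get("mutex")
        if mutex:
            iocs["mutexes"].append((mutex, KNOWN_DEFAULT_MUTEXES.get(mutex, "sample-specific")))
        # njRAT persists via a Run value named after reg_key; AsyncRAT only
        # installs when install is true, which neither asyncrat config sets.
        if cfg["family"] == "njrat" and cfg.get("reg_key"):
            iocs["run_key_values"].append(cfg["reg_key"])
    return iocs


def suricata_dns_rules(iocs, base_sid=9000001):
    """One Suricata rule per C2 hostname using the dns.query sticky buffer."""
    rules = []
    for i, (family, host, _port) in enumerate(iocs["c2"]):
        rules.append(
            f'alert dns any any -> any any (msg:"{family} C2 DNS lookup {host}"; '
            f'dns.query; content:"{host}"; nocase; endswith; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def match_mutexes(observed, iocs):
    """Host triage: which mutex names seen on a box match the extracted configs."""
    wanted = {name for name, _note in iocs["mutexes"]}
    return sorted(set(observed) & wanted)


if __name__ == "__main__":
    iocs = build_iocs(parse_configs(EXTRACTED_CONFIGS))
    for rule in suricata_dns_rules(iocs):
        print(rule)
    print("HKCU\\...\\Run values to check:", iocs["run_key_values"])
    print("mutexes:", iocs["mutexes"])
```

The mutex annotation matters for attribution: both asyncrat mutexes here are the unmodified defaults of public builders, so they identify the tooling family rather than this operator, while the DuckDNS hostnames and the njrat reg_key are the sample-specific handles worth alerting on.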