asyncrat

General

Target

5dc2131b756479ca134a42f150f58e42.XZ
Size

3.2MB
Sample

241128-3r9qpa1kbm
MD5

5dc2131b756479ca134a42f150f58e42
SHA1

e6b57272f10a373e49315d7f301d30b1c66e4951
SHA256

a4f19a9864c086af408e8d0dce4ae4489e0cf07b1ada8ea947bca5f5c24bc445
SHA512

080e03d70f5dd0ba104f06b18571303481d3a54b65f4bdec7e281f6a041d9c20950c8a666abd4a3987ca660b054147358764e9f75867a955f719159228e178b0
SSDEEP

98304:+7RiBKLjlh6sGqSycKrc/JDTfyQ3lcp4TXkBkjtztbH0:+ECjlIASyoF3lckX+kjtztbH0

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

PLATA

C2

mastermrcol.net:7474

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

remcos

Botnet

RemoteHost

C2

mastermrcol.net:6565

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-89JTT1
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/01 DEMANDA LABORAL POR ABUSO DE CONFIANZA.exe
- Size
  
  2.3MB
- MD5
  
  5013571e104d9dd42ca2d94e81e430f8
- SHA1
  
  0e0e2b2f1688b77ebea638aa2e12f6462722fcb0
- SHA256
  
  9783cdd475c54ec21a035b5035c80329fa14be830c71c7c133de06ed98ad86d8
- SHA512
  
  c2a4fbb1231cb15fbe3a733c5477d7d0e95ae15cf9a5c7d53eeb452d6b5212a24754d596b90715cead5ae825c989afcacf14c33c1fd363a95cb86a0bc65f932e
- SSDEEP
  
  24576:oKkVrHgHx4mYlt+e5N2lWByqwSFg9NJo7thp9clBb2:Huri4LltP5NSn9NJIclBC
Score

10^/10

asyncrat plata discovery rat spyware stealer remcos remotehost
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/WINMM.dll
- Size
  
  5.0MB
- MD5
  
  9d9b59e2893e58686a0cc608522102bd
- SHA1
  
  b4a213c4f456ca191efc5711f0d2d819874444aa
- SHA256
  
  7b91d4680dd3d290703a50db25b751cb9c7c8b612c1bed0d389ce9ace1f81333
- SHA512
  
  327e63d2c5604210e8ba54d94fcd86b3dfeb91d0cf7af70110869d4f3aafbf00b4f8526defc9dcdeba36449d3fd9d6ddbb97a63ad169f4bbe8cb7a84b07ba218
- SSDEEP
  
  98304:XVo25lOF7FdfzW64cv5tQpgBZwy7zJDSiQCz+acvnIpeT+4:XVoGQJF7v5tQpgBZR7zJDSiQCz+acvI1
Score

10^/10

asyncrat plata discovery rat spyware stealer remcos remotehost
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4