General
Target: https://github.com/adi33333333334/

Sample: 250218-xydzpsxrv9
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/adi33333333334/
Resource: win10v2004-20250217-en
22 signatures
150 seconds
Malware Config

Extracted
Family: asyncrat
Version: 0.5.8
Botnet: Syntax Bootstrapper
C2:
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:6606
127.0.0.1:39473
lolzpopbob-31243.portmap.host:7707
lolzpopbob-31243.portmap.host:8808
lolzpopbob-31243.portmap.host:6606
lolzpopbob-31243.portmap.host:39473
Mutex: gte9kAyhP56e
Attributes:
delay: 3
install: true
install_file: SyntaxBoostTrappera.exe
install_folder: %AppData%
aes.plain
Extracted
Family: discordrat
Attributes:
discord_token: MTExNjk5NjU3OTM3NTcxODQ2MA.GQCXQH.xBOhNgRuTYbvNVUNjtEDkZuxt-O-554xPfUm04
server_id: 1116412300795072686
Targets
Target: https://github.com/adi33333333334/

Signatures:
Asyncrat family
Discordrat family
Async RAT payload
Downloads MZ/PE file
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2