Active command and control (C2) server backend for an AsyncRAT campaign. The server hosts the listening ports (TCP/80 and TCP/443) used by the malware payload to receive commands and exfiltrate host data. Hosted via Tencent Cloud in Singapore.
This indicator is tied to a high-confidence payload masquerading as an AnyDesk installer with an AV detection ratio of 51/71.
Verified YARA Signature Matches (THOR APT Scanner):
- MAL_NET_Snip3_AsyncRAT_May21 (By Florian Roth - Detects variants dropped by Snip3 crypter)
- MAL_NET_Quasar_Multi_Mar26 (By Jonathan Peters - Detects Quasar/AsyncRAT implementations)
- MAL_NET_AsyncRAT_Nov25 (By Jonathan Peters - Detects open-source AsyncRAT tool)
- SUSP_Common_Malware_Indicators_Nov25 (Common indicators in AsyncRAT/VenomRAT)
Extracted Config Details:
- Botnet ID: GmbH
- Mutex: MN9O0eIMTjOc
- C2 Domain: ck444app.net
- AES Key (Plain): sEgwibZgb6Ue6xJ95rX1kAgALTsR4kWH
Categories: Phishing, Hacking