AsyncRAT - Indicators of Compromise
Last updated: 2026-04-18
C2 Domains (82)
C2 IP Addresses (74)
Malicious URLs (56)
SHA256 Hashes (73)
Data Sources
MalwareBazaar (abuse.ch) • ThreatFox (abuse.ch) • URLhaus (abuse.ch)