Analyzing AsyncRAT's Code Injection into Aspnet_Compiler.exe Across Multiple Incident Response Cases
===================================================================================================

===================================================================================================
Component                       SHA256                                    Detection name
===================================================================================================
C:\Users\Public\Webcentral.vbs  50b6aaed93609360f33de4b40b764d3bb0bd45d1  Trojan.VBS.RUNNER.AOE
C:\Users\Public\Webcentral.bat  f22cceb9c6d35c9119a5791d6fd93bf1484e6747  Trojan.BAT.POWRUN.AA
C:\Users\Public\hash.vbs        2226d90cce0e6f3e5f1c52668ed5b0e3a97332c1  Trojan.VBS.RUNNER.AOE
C:\Users\Public\hash.bat        8fe5c43704210d50082bbbaf735a475810a8dbc9  Trojan.BAT.POWRUN.AA
C:\Users\Public\Webcentral.ps1  7be69e00916c691bbbed6ff9616f974f90234862  Trojan.PS1.RUNNER.GBT
C:\Users\Public\runpe.txt       c07b2c25f926550d804087ac663991cf06bac519  Trojan.Win32.ASYNCRAT.ENC
C:\Users\Public\msg.txt         c5b16f22397c201a6e06f0049b6f948c648f11b7  Trojan.Win32.ASYNCRAT.ENC
C:\Users\Public\hash.ps1        899ca79e54a2d4af140a40a9ca0b2e03a98c46cb  Trojan.PS1.ASYNCRAT.L
===================================================================================================
C&C server
===================================================================================================
66escobar181[.]ddns[.]net
45[.]141[.]215.40:4782 (httpswin10[.]kozow[.]com)
185[.]150[.]25[.]181 (66escobar181[.]ddns[.]net:6666)