asyncrat | 7786135b3cd7225c0fd83b1fc05efb702ae015d124326dfb4947d4e2addaab69 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V3.1.exe

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

XWorm V3.1.exe
Size

7.0MB
Sample

230319-zv3vrscb7x
MD5

e0b3a2c3df9a18ad71e1293a3195cadf
SHA1

f48a0d2c47f1db77457e894d4e72bb3ddd6b0691
SHA256

7786135b3cd7225c0fd83b1fc05efb702ae015d124326dfb4947d4e2addaab69
SHA512

b2c091d50902ed44f7de80ec84bff8894bee0fce5ac0e53536048ae8d6cfc0c719771dab7ae5f585cd608fe86f50d8c25219faa7daef7720d0f2b557a9af972e
SSDEEP

196608:Nn1Q6B/XKUDz9NoUXJzUWi7MYjBVvo5/km:N1FlaU/9NZXJZinjB9oxj

Score

10^/10

asyncrat gozi quasar v15.5.0 | c5patcher isfb rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

XWorm V3.1.exe

Resource

win10-20230220-en

asyncrat quasar v15.5.0 | c5patcher rat spyware trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.5.0 | C5Patcher

C2

blue-fog-95386.pktriot.net:22781

Mutex

41e6efe6-1856-4679-a9f1-4f99d8236ac2

Attributes

encryption_key
313B7CC078756BA4565679A48877BC516AC41AF4
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Targets

- Target
  
  XWorm V3.1.exe
- Size
  
  7.0MB
- MD5
  
  e0b3a2c3df9a18ad71e1293a3195cadf
- SHA1
  
  f48a0d2c47f1db77457e894d4e72bb3ddd6b0691
- SHA256
  
  7786135b3cd7225c0fd83b1fc05efb702ae015d124326dfb4947d4e2addaab69
- SHA512
  
  b2c091d50902ed44f7de80ec84bff8894bee0fce5ac0e53536048ae8d6cfc0c719771dab7ae5f585cd608fe86f50d8c25219faa7daef7720d0f2b557a9af972e
- SSDEEP
  
  196608:Nn1Q6B/XKUDz9NoUXJzUWi7MYjBVvo5/km:N1FlaU/9NZXJZinjB9oxj
Score

10^/10

asyncrat quasar v15.5.0 | c5patcher rat spyware trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratquasarv15.5.0 | c5patcherratspywaretrojan

© 2018-2025

Terms | Privacy