asyncrat | c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47 | Triage

Submit
Reports

Overview

overview

Static

static

3

c7bd91207a...47.exe

windows7-x64

c7bd91207a...47.exe

windows10-2004-x64

Sharing

General

Target

c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47.exe
Size

75.8MB
Sample

231231-qnbm9sddb7
MD5

864fec7c56d3a3fd0de982a049dc247a
SHA1

ef6240916847124235a523bf867c91a944e1c65b
SHA256

c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47
SHA512

452acfeda622d2948cdab3820fe2e688f91b7a11da5d97e34f04e5c350d60aff069d5620a9961cd92876291a65511a83a6ab05619d5c3e8aa0280d3cd374335b
SSDEEP

1572864:tERVE3V33f9SIdRMYxBvc+bOv6UEiQ/0SWyI+jHC7BX:tEgllfxBvTUOjddON

Score

10^/10

asyncrat xworm default persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47.exe

Resource

win7-20231215-en

asyncrat xworm default persistence rat trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

3.1

Attributes

Install_directory
%ProgramData%
install_file
SecurityHealthSystray.exe
telegram
https://api.telegram.org/bot5370417334:AAEZrEauqhTNZInhZ9_-SaapQJIi0hIvjJU

Extracted

Family

asyncrat

Botnet

Default

Mutex

尺vcΕ贼2C伊R开tΗKTتDmF尺

Attributes

c2_url_file
https://fvia.app/ip2.txt
delay
5
install
false
install_folder
%Windows%

aes.plain

Targets

- Target
  
  c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47.exe
- Size
  
  75.8MB
- MD5
  
  864fec7c56d3a3fd0de982a049dc247a
- SHA1
  
  ef6240916847124235a523bf867c91a944e1c65b
- SHA256
  
  c7bd91207ac565f362c9a9702bcf5cb278b414e8a5489087431a448011d32f47
- SHA512
  
  452acfeda622d2948cdab3820fe2e688f91b7a11da5d97e34f04e5c350d60aff069d5620a9961cd92876291a65511a83a6ab05619d5c3e8aa0280d3cd374335b
- SSDEEP
  
  1572864:tERVE3V33f9SIdRMYxBvc+bOv6UEiQ/0SWyI+jHC7BX:tEgllfxBvTUOjddON
Score

10^/10

asyncrat xworm default persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratxwormdefaultpersistencerattrojan

behavioral2

© 2018-2025

Terms | Privacy