asyncrat | 98829bbf9afb89501d6d201d5fcaa8807998ce88afc46be1251e933853ac1e9e | Triage

Submit
Reports

Overview

overview

Static

static

3

c8dd846400...19.exe

windows7-x64

c8dd846400...19.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6dabcc4315aec87869a8f89f0207b9ec.bin
Size

794KB
Sample

240101-bxt4mshchp
MD5

2ccafbd1fb288a2e5d03a7012ecc3c9d
SHA1

94b2dd03a907235da78b83fdbd92438040c94277
SHA256

98829bbf9afb89501d6d201d5fcaa8807998ce88afc46be1251e933853ac1e9e
SHA512

61db6213f58478833904bb1a2d52544912a457153f4c65607e0dd94c5dcc993bd47dacf8a5286bf132b9a3b8689203ba80d87882c05df27f137e605c5b525553
SSDEEP

12288:8QUR+BnpO2LuFqM6tD/TECvRPMPsm5AQ+6pXtO0QH4MNJ42PuEVFKPpF:g+XrLLMcb7vRi9+Q+6pX01J42PuELKhF

Score

10^/10

asyncrat xworm default persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c8dd8464008d24fe02938509eb3163f09749e1c76bff6dcfd25b1d3193357419.exe

Resource

win7-20231215-en

asyncrat xworm default rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c8dd8464008d24fe02938509eb3163f09749e1c76bff6dcfd25b1d3193357419.exe

Resource

win10v2004-20231215-en

asyncrat xworm default persistence rat trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

Mutex

尺vcΕ贼2C伊R开tΗKTتDmF尺

Attributes

c2_url_file
https://fvia.app/ip2.txt
delay
5
install
false
install_folder
%Windows%

aes.plain

Extracted

Family

xworm

Version

3.1

Attributes

Install_directory
%ProgramData%
install_file
SecurityHealthSystray.exe
telegram
https://api.telegram.org/bot5370417334:AAEZrEauqhTNZInhZ9_-SaapQJIi0hIvjJU

Targets

- Target
  
  c8dd8464008d24fe02938509eb3163f09749e1c76bff6dcfd25b1d3193357419.exe
- Size
  
  1.6MB
- MD5
  
  6dabcc4315aec87869a8f89f0207b9ec
- SHA1
  
  25796d8f144f0287c0218c7aa448f4f914891fc1
- SHA256
  
  c8dd8464008d24fe02938509eb3163f09749e1c76bff6dcfd25b1d3193357419
- SHA512
  
  336ac664d71ec9c4e044b921f4dca64e6283024412c38e4dbdcced21ccc7fef6684213b9a69092dced322a557e05aff7066bbc762856af2bd71d7d4935840a15
- SSDEEP
  
  24576:q74oSZSYH/O+sIV8aUgibdu5Hrll117UXDpLAZCR1:q74xpRs7aUgibduNRlb0lH
Score

10^/10

asyncrat xworm default rat trojan persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratxwormdefaultrattrojan

behavioral2

asyncratxwormdefaultpersistencerattrojan

© 2018-2025

Terms | Privacy