General
Target: new.cmd
Size: 3KB
Sample: 240523-w8cnysca72
MD5: 33096706975d44c7b99a1f9f49c2a8b8
SHA1: 9d1af5a90bb43181b486fcdd530bb076e86ea319
SHA256: 56bf257d93c8797219d10fcc94e0ffee4859109c8799a925f828126f1e9b12d0
SHA512: 18d11d3aa0470e651529a60cba53a1d33c7cd8e2eec4d76cada3f7af5829a8c59ec3e2d37262e62b9d5dad9f133e1c46e3322fb27ca5a5fd8882a4ee4ccaa56a
Static task
static1
Behavioral task
behavioral1
Sample
new.cmd
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
5.0.5
Venom Clients
xvern429.duckdns.org:8890
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Extracted
xworm
3.1
xgmn934.duckdns.org:8896
nmds.duckdns.org:8895
newremisco2905.duckdns.org:2905
2utLZrxcByvppTdF
install_file: USB.exe
Extracted
asyncrat
0.5.7B
Default
dhhj.duckdns.org:8797
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
-
-
Target
new.cmd
Detect Xworm Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Async RAT payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Program crash
-