Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
new.bat
-
Size
25KB
-
Sample
240711-xht1zszbjj
-
MD5
2a6aaf30c4f4fb95035d448aea4b452e
-
SHA1
c4705f2f325c3c0665ce479b79621ba03d9d4382
-
SHA256
0fccf3d1fb38fa337baf707056f97ef011def859901bb922a4d0a1f25745e64f
-
SHA512
22109814422f467121c80c0155615fb72105c369b91e0617e11f011c661c738ce7a59272ae362a3d3c171fb874c53c24094d742feb73ab01b5f5466dd6b8b292
-
SSDEEP
768:Hrr046orC222qPZDorKS/A8r0grKZr5LmnfcY+ecZhs7rRgE9plN7rAZo1hR7rCy:X
Malware Config
Extracted
asyncrat
0.5.7B
Default
todfg.duckdns.org:6745
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Extracted
xworm
3.1
welxwrm.duckdns.org:8292
xwor3july.duckdns.org:9402
jAJi0qnpBIvDTnnL
-
install_file
USB.exe
Extracted
xworm
5.0
rvxwrm5.duckdns.org:9390
paSw6o6yxKyyWEhP
-
install_file
USB.exe
Extracted
asyncrat
Default
anachyyyyy.duckdns.org:7878
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
new.bat
-
Size
25KB
-
MD5
2a6aaf30c4f4fb95035d448aea4b452e
-
SHA1
c4705f2f325c3c0665ce479b79621ba03d9d4382
-
SHA256
0fccf3d1fb38fa337baf707056f97ef011def859901bb922a4d0a1f25745e64f
-
SHA512
22109814422f467121c80c0155615fb72105c369b91e0617e11f011c661c738ce7a59272ae362a3d3c171fb874c53c24094d742feb73ab01b5f5466dd6b8b292
-
SSDEEP
768:Hrr046orC222qPZDorKS/A8r0grKZr5LmnfcY+ecZhs7rRgE9plN7rAZo1hR7rCy:X
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Detect Xworm Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Xworm
Xworm is a remote access trojan written in C#.
-
Async RAT payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Executes dropped EXE
-
Loads dropped DLL
-