General

- Target: 02102024_0159_new.bat
- Size: 17.0MB
- Sample: 241002-cen1ca1gmj
- MD5: 3a6a863c82f5ad5ff271a7c740c1ab88
- SHA1: a85966b120a257211a5f2a245ac94244d5a77019
- SHA256: bc8ad4687d5b06fbcd16b1a119b0cec10b8063ff0154dcacc6e3e30a5ce9f2ba
- SHA512: 79f8309de480b45d21520f18180ade1367217955e8e6e50b1251b28921bd8a5f2382382c21a5ef556282fb37dabb7337425a3bd658d10f8d417c5b21e022e10d
- SSDEEP: 768:U6MPI1xfXAU2HVp93Cs5MJVBIkCm6M2EHC5w+wLfm6/95h65uvh3E1cQAAaBq3If:U145
Static task: static1
Behavioral task: behavioral1
- Sample: 02102024_0159_new.bat
- Resource: win7-20240903-en
Malware Config

Five configurations were extracted from payloads embedded in the 17.0MB batch file: three AsyncRAT-family clients (the third is a VenomRAT build, an AsyncRAT fork, as its group name and mutex show) and two XWorm clients.

Extracted: asyncrat (version not reported)
- Group/botnet: Default
- C2: nanarchym.duckdns.org:7878
- delay: 1
- install: false
- install_folder: %AppData%

Extracted: asyncrat 0.5.7B
- Group/botnet: Default
- C2: modsmasync.duckdns.org:6745
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%

Extracted: asyncrat 5.0.5
- Group/botnet: Venom Clients
- C2: momehvenom.duckdns.org:8520
- Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
- delay: 1
- install: false
- install_folder: %AppData%

Extracted: xworm 5.0
- C2: xwrmmone.duckdns.org:9390
- C2: x5wo9402sep.duckdns.org:9402
- Mutex (field unlabelled in the report): jg6HwHbepPocwygj
- install_file: USB.exe

Extracted: xworm 3.1
- C2: momekxwrm.duckdns.org:8292
- Mutex (field unlabelled in the report): yh66xbyAobQEOS5f
- install_file: USB.exe

Reading the AsyncRAT fields: delay is the client's startup sleep in seconds before it begins beaconing, and install: false means the client is configured not to copy itself to install_folder or register persistence, so the dropped payload itself is what keeps running. All six C2 hosts are under duckdns.org, a free dynamic-DNS provider: the hostnames are the durable indicator, since the IPs they resolve to can be changed by the operator at any time.
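As an added example (not part of the sandbox report), the script below turns the six C2 endpoints extracted above into indicators and sweeps DNS-resolver and firewall log lines for them. The log format and the log lines are constructed for the example; only the host:port values come from the report. It deliberately reports a matching host even when the port differs from the extracted config, since operators commonly move ports behind the same DDNS name, and it also surfaces every duckdns.org lookup as a broader hunting pivot.

```python
"""Added example (not part of the sandbox report): turn the C2 endpoints from
the extracted AsyncRAT/XWorm configs above into indicators and sweep DNS and
connection log lines for them."""
import re
from dataclasses import dataclass

# C2 endpoints copied from the extracted configs in the report above.
C2_ENDPOINTS = {
    "asyncrat": [
        "nanarchym.duckdns.org:7878",
        "modsmasync.duckdns.org:6745",
        "momehvenom.duckdns.org:8520",
    ],
    "xworm": [
        "xwrmmone.duckdns.org:9390",
        "x5wo9402sep.duckdns.org:9402",
        "momekxwrm.duckdns.org:8292",
    ],
}


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: int


def build_indicators(endpoints=C2_ENDPOINTS):
    """Split each 'host:port' string into a normalised (lower-cased) Indicator."""
    out = []
    for family, eps in endpoints.items():
        for ep in eps:
            host, _, port = ep.rpartition(":")
            out.append(Indicator(family, host.lower().rstrip("."), int(port)))
    return out


# Constructed sample log lines (hypothetical format, not taken from the report):
# a DNS resolver log ("query=") and a firewall/proxy connection log ("dst=").
SAMPLE_LOGS = [
    "2024-10-02T01:59:12Z dns client=10.0.0.15 query=nanarchym.duckdns.org type=A",
    "2024-10-02T01:59:13Z conn src=10.0.0.15 dst=MODSMASYNC.duckdns.org:6745 proto=tcp",
    "2024-10-02T02:00:01Z dns client=10.0.0.22 query=update.example.com type=A",
    "2024-10-02T02:00:05Z conn src=10.0.0.22 dst=xwrmmone.duckdns.org:443 proto=tcp",
]

# Capture the hostname after query= or dst=, with an optional :port.
HOST_RE = re.compile(r"(?:query|dst)=([A-Za-z0-9.-]+)(?::(\d+))?")


def sweep(lines, indicators):
    """Return one hit per (line, indicator) whose host matches.

    The host alone is the durable indicator: RAT operators commonly rotate
    ports behind the same DDNS name, so a host match on a different port is
    still reported, flagged with port_match=False, rather than dropped.
    """
    by_host = {}
    for ind in indicators:
        by_host.setdefault(ind.host, []).append(ind)
    hits = []
    for line in lines:
        m = HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1).lower().rstrip(".")
        port = int(m.group(2)) if m.group(2) else None
        for ind in by_host.get(host, []):
            hits.append({
                "line": line,
                "family": ind.family,
                "host": host,
                "port": port,
                "port_match": port is None or port == ind.port,
            })
    return hits


def duckdns_hosts(lines):
    """Every *.duckdns.org name seen in the logs.

    All six C2s above live under this free dynamic-DNS provider, so an
    unexpected duckdns.org lookup is a useful hunting pivot even when the
    exact label is not yet on the indicator list.
    """
    seen = set()
    for line in lines:
        m = HOST_RE.search(line)
        if m and m.group(1).lower().endswith(".duckdns.org"):
            seen.add(m.group(1).lower())
    return seen


if __name__ == "__main__":
    for h in sweep(SAMPLE_LOGS, build_indicators()):
        flag = "" if h["port_match"] else " (port differs from extracted config)"
        print(f'{h["family"]:8} {h["host"]}:{h["port"]}{flag}')
    print("duckdns.org names seen:", sorted(duckdns_hosts(SAMPLE_LOGS)))
```

On the constructed input the sweep returns three hits: two AsyncRAT hosts (one a DNS lookup with no port, one a connection on the configured port 6745) and one XWorm host contacted on 443 instead of the configured 9390, which is kept and flagged rather than discarded.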
Targets

Target: 02102024_0159_new.bat (the submitted sample; size and hashes as listed under General)
Signatures:
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created with an explicit parent other than the calling process (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS), i.e. parent-PID spoofing, which defeats process-tree analysis that trusts the recorded parent
- Async RAT payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL