asyncrat

General

Target

https://colleague-besides-reporters-unsubscribe.trycloudflare.com/new.bat
Sample

241011-wh6jcavgje

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

nanarchym.duckdns.org:7878

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

modsmasync.duckdns.org:6745

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

momehvenom.duckdns.org:8520

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

Version

5.0

C2

xwrmmone.duckdns.org:9390

x5wo9402sep.duckdns.org:9402

Mutex

jg6HwHbepPocwygj

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

Version

3.1

C2

momekxwrm.duckdns.org:8292

Mutex

yh66xbyAobQEOS5f

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  https://colleague-besides-reporters-unsubscribe.trycloudflare.com/new.bat
Score

10^/10

asyncrat xworm default venom clients discovery execution rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1