asyncrat

General

Target

22112024_0201_new.bat
Size

3KB
Sample

241122-cflavasjbt
MD5

58ce685ec1ce8644306dc4906242dcb7
SHA1

2f9dc4432e1d211e54aab97831fc3b0df5e86df2
SHA256

5ecc7f700bde0ab833e9a955d8ad371fab96e5a8c52d148488201e7815973725
SHA512

249ea3b3477cda22985e504f2a028ef370cc06fc4bd6655a7d18ecb26e0329e981720ccf234932e155b70a99131b95a62f8324ebcabe3652ec3b5c0c23fd0186

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

ghanarchydn.duckdns.org:7878

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

pdhasync.duckdns.org:8797

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

Version

3.1

C2

jkswrm3.duckdns.org:8895

xroct9402.duckdns.org:9402

Mutex

SilOfspMzdDQaw36

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

Version

5.0

C2

jkwrm5.duckdns.org:8896

Mutex

neSV4A0jHthIPf8y

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  22112024_0201_new.bat
- Size
  
  3KB
- MD5
  
  58ce685ec1ce8644306dc4906242dcb7
- SHA1
  
  2f9dc4432e1d211e54aab97831fc3b0df5e86df2
- SHA256
  
  5ecc7f700bde0ab833e9a955d8ad371fab96e5a8c52d148488201e7815973725
- SHA512
  
  249ea3b3477cda22985e504f2a028ef370cc06fc4bd6655a7d18ecb26e0329e981720ccf234932e155b70a99131b95a62f8324ebcabe3652ec3b5c0c23fd0186
Score

10^/10

discovery execution asyncrat xworm default rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Asyncrat family

Detect Xworm Payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Xworm

Xworm family

Async RAT payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2