Resubmissions

03/12/2024, 08:17 UTC

241203-j6wb3asnfr 10

29/11/2024, 00:44 UTC

241129-a3t56awqcx 10

General

  • Target

    58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210N.exe

  • Size

    372KB

  • Sample

    241129-a3t56awqcx

  • MD5

    f9646131ff6c7b07e435791522b418b0

  • SHA1

    c0b1be54b2915cc9df1011836402e981a5815c92

  • SHA256

    58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210

  • SHA512

    44b54b19f35b3aca440eb09b8babdd3b22bc934145857b24a91b6fe65f1a6b2106a4a49266c55552135c63f8b8f85bc7a5e99d458cb277e2216ab2b20da089a5

  • SSDEEP

    3072:uD/0ZYthTLJRMB4IVGubl4m5plDzGuX7i2me4F8lpo6wB408ko/Z5hwy6q//kgrh:PYth1RiVGubCYfacu2tB3oB40zox4cf

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

178.215.224.142:4449

Mutex

ywldammnmlcvkfaatp

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • aes.plain

    uSbqxchjGjZXbi27DqSsxXWKw5MENglZ

Extracted

Family

xworm

Version

5.0

C2

xworm7000.duckdns.org:7000

178.215.224.142:7000

Mutex

wDluQlkCVEcAclIo

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • aes.plain

    gu8fMOyaJaRQgFkDo8F1sA==

Targets

    • Target

      58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210N.exe

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Detect Xworm Payload

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Vjw0rm family

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
