General
-
Target
58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210N.exe
-
Size
372KB
-
Sample
241203-j6wb3asnfr
-
MD5
f9646131ff6c7b07e435791522b418b0
-
SHA1
c0b1be54b2915cc9df1011836402e981a5815c92
-
SHA256
58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210
-
SHA512
44b54b19f35b3aca440eb09b8babdd3b22bc934145857b24a91b6fe65f1a6b2106a4a49266c55552135c63f8b8f85bc7a5e99d458cb277e2216ab2b20da089a5
-
SSDEEP
3072:uD/0ZYthTLJRMB4IVGubl4m5plDzGuX7i2me4F8lpo6wB408ko/Z5hwy6q//kgrh:PYth1RiVGubCYfacu2tB3oB40zox4cf
Static task
static1
Behavioral task
behavioral1
Sample
58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210N.exe
Resource
win7-20240708-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
178.215.224.142:4449
ywldammnmlcvkfaatp
-
delay
1
-
install
false
-
install_folder
%AppData%
Extracted
xworm
5.0
xworm7000.duckdns.org:7000
178.215.224.142:7000
wDluQlkCVEcAclIo
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210N.exe
-
Size
372KB
-
MD5
f9646131ff6c7b07e435791522b418b0
-
SHA1
c0b1be54b2915cc9df1011836402e981a5815c92
-
SHA256
58cea87c2baf7227f19f5895064efcc7a410cc64f809648d79aabe4a1e7ea210
-
SHA512
44b54b19f35b3aca440eb09b8babdd3b22bc934145857b24a91b6fe65f1a6b2106a4a49266c55552135c63f8b8f85bc7a5e99d458cb277e2216ab2b20da089a5
-
SSDEEP
3072:uD/0ZYthTLJRMB4IVGubl4m5plDzGuX7i2me4F8lpo6wB408ko/Z5hwy6q//kgrh:PYth1RiVGubCYfacu2tB3oB40zox4cf
-
Asyncrat family
-
Detect Xworm Payload
-
Vjw0rm family
-
Xworm family
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-