General
  Target: c904e0cd3.zip
  Size: 804B
  Sample: 241219-rfk3eavkbn
  MD5: 930bc6b90d6ccbb4e61848d90d16b82d
  SHA1: f692fdb997d2098fa2e2fbbea0f05c0b2a306bd8
  SHA256: 6c6fbc21d050edc1070a82bf8817015d2de88614a061438bb834f7ff2664c0a4
  SHA512: d9b8d3b8dd689bb54f2c8b061a4d7c6a06a68f9906a8bb434866a8982db3c3bc745f7c946150c996703a9504717b3a3e3cbd66275678afc2be6f0e06de7ca54e
Static task
  static1
Behavioral task
  behavioral1
  Sample: Inquiry.html
  Resource: win7-20240903-en
Behavioral task
  behavioral2
  Sample: Inquiry.html
  Resource: win10v2004-20241007-en
Malware Config
  Extracted: asyncrat
    Botnet: Default
    C2: sdanarchynd.duckdns.org:7878
    delay: 1
    install: false
    install_folder: %AppData%
  Extracted: asyncrat
    Version: 0.5.7B
    Botnet: Default
    C2: soasyncb.duckdns.org:6745
    Mutex: AsyncMutex_6SI8OkPnk
    delay: 3
    install: false
    install_folder: %AppData%
  Extracted: asyncrat
    Version: 5.0.5
    Botnet: Venom Clients
    C2: jkvernm.duckdns.org:8520
    Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
    delay: 1
    install: false
    install_folder: %AppData%
  Extracted: xworm
    Version: 3.1
    C2: hnxwrm3.duckdns.org:8292
    Mutex: 7OmhyCIQgrHx3yxU
    install_file: USB.exe
  Extracted: xworm
    Version: 5.0
    C2: newxrm5.duckdns.org:9390
    C2: momentnb3901.duckdns.org:3901
    Mutex: 0IpUtNjbaz65ubYv
    install_file: USB.exe
Targets
  Target: Inquiry.html
  Size: 312KB
  MD5: d9be2b4df752bce538b17bb70d28c38d
  SHA1: d11e735cce93726af9b17b7d524569dda0386e03
  SHA256: 52aa4dc388981844c67bcf7b6135d3706f275bf9f20bd88facf9e35c904e0cd3
  SHA512: 8ee8fef44ef372821cb3c8d7b229d833dbd8d7c289c4d8fb6547bdae69c7b14f2f038369238944d22c44b9fe87fd5ec208884d212aca6cb5e41c620029bcf363
  SSDEEP: 6:aO+3Q21JOAZBvbLAqtybbTJOAZBvbLPMERVbjMRJViktbJFC1DqbGAL4vFC8unAU:FF21pDgqunpDvBjMxikJu0XGztu0Xn
Signatures
  - Asyncrat family
  - Detect Xworm Payload
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Xworm family
  - Async RAT payload
  - Blocklisted process makes network request
  - Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
  - Credentials from Password Stores: Windows Credential Manager
      Suspicious access to Credentials History.
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
  Defense Evasion
    Hide Artifacts (1)
      Hidden Files and Directories (1)
    Modify Registry (1)