asyncrat | bf0d1aa2019f057e23d62c1f8b69f63005a313057ff79592d2cdc28981c9d257 | Triage

Submit
Reports

Overview

overview

Static

static

1

lq.bat

windows7-x64

8

lq.bat

windows10-2004-x64

Sharing

General

Target

lq.bat
Size

39KB
Sample

241230-qtrxfawlhk
MD5

c052ebca60e2ce218b10804cb0cbc835
SHA1

cb24648a8bf6adb4807798d5cc6551bf1a9f148f
SHA256

bf0d1aa2019f057e23d62c1f8b69f63005a313057ff79592d2cdc28981c9d257
SHA512

e535443cb726ef0d52175cf7164aab93beddfa00c388793b199d64e5ac13cd8a8eb6e740c278b7845829fbdd452e5c8d65edc2e163149f080f7d4f10a96b44ab
SSDEEP

768:4yA400UEtvrU5cl7/2Vu2OHpi29NO150+5Rxbh:4yv+

Score

10^/10

asyncrat venomrat xworm default discovery execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

lq.bat

Resource

win7-20240903-en

discovery execution

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

lq.bat

Resource

win10v2004-20241007-en

asyncrat venomrat xworm default discovery execution rat trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

111.90.143.248:4449

101.99.92.10:4449

Mutex

kqsjiymxwcmgkmn

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

aes.plain

Extracted

Family

asyncrat

Botnet

Default

C2

111.90.143.248:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

Version

5.0

C2

101.99.92.10:8066

Mutex

oUzmdOsTIy2HgRCx

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  lq.bat
- Size
  
  39KB
- MD5
  
  c052ebca60e2ce218b10804cb0cbc835
- SHA1
  
  cb24648a8bf6adb4807798d5cc6551bf1a9f148f
- SHA256
  
  bf0d1aa2019f057e23d62c1f8b69f63005a313057ff79592d2cdc28981c9d257
- SHA512
  
  e535443cb726ef0d52175cf7164aab93beddfa00c388793b199d64e5ac13cd8a8eb6e740c278b7845829fbdd452e5c8d65edc2e163149f080f7d4f10a96b44ab
- SSDEEP
  
  768:4yA400UEtvrU5cl7/2Vu2OHpi29NO150+5Rxbh:4yv+
Score

10^/10

discovery execution asyncrat venomrat xworm default rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratvenomratxwormdefaultdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy