asyncrat | ebba736dfa26b559658df13cda55e2aef8cf744c05f817396ef1d3b17870a83e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Builder Wo...1).zip

windows11-21h2-x64

Sharing

General

Target

Builder WorldWind Pro (1).zip
Size

2.4MB
Sample

250102-w245matnej
MD5

82a0e194de7cb967c13494efa4e3f3a6
SHA1

c1b8a0428538841272e57972eda61879768cfcbc
SHA256

ebba736dfa26b559658df13cda55e2aef8cf744c05f817396ef1d3b17870a83e
SHA512

60a85f906a0b9ef468b27b396683a5e5a5a762ae3f16e2a23e45b09657a984142ee68a1e92162c1ec3ab7c82c074ef8f642a5fea4bd8d53c551533b87b09b383
SSDEEP

49152:nHqaHgIuK4sLgsAhmHa7HAIkc0UOX9Hp63nfUxR:nHqaHb6Jhn3kc0UOXSnfUR

Score

10^/10

asyncrat stormkitty xworm default discovery execution rat trojan

Static task

static1

rat default asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

Builder WorldWind Pro (1).zip

Resource

win11-20241007-en

xworm discovery execution rat trojan

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

C2

dsasinject-58214.portmap.io:3389

Attributes

Install_directory
%AppData%
install_file
svchost.exe
telegram
https://api.telegram.org/bot7023899363:AAFEzgbfWzhyE32Lf95TKSRYEYXMd4AfMyk/sendMessage?chat_id=6354844663

Targets

- Target
  
  Builder WorldWind Pro (1).zip
- Size
  
  2.4MB
- MD5
  
  82a0e194de7cb967c13494efa4e3f3a6
- SHA1
  
  c1b8a0428538841272e57972eda61879768cfcbc
- SHA256
  
  ebba736dfa26b559658df13cda55e2aef8cf744c05f817396ef1d3b17870a83e
- SHA512
  
  60a85f906a0b9ef468b27b396683a5e5a5a762ae3f16e2a23e45b09657a984142ee68a1e92162c1ec3ab7c82c074ef8f642a5fea4bd8d53c551533b87b09b383
- SSDEEP
  
  49152:nHqaHgIuK4sLgsAhmHa7HAIkc0UOX9Hp63nfUxR:nHqaHb6Jhn3kc0UOXSnfUR
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncratstormkitty

behavioral1

xwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy