asyncrat | c93d11c96d20e8b20cff7cd018440fa16f6601c047890c48c7e72cb5e0077e02 | Triage

Submit
Reports

Overview

overview

Static

static

3

Windows Defenders.exe

windows7-x64

Windows Defenders.exe

windows10-2004-x64

Sharing

General

Target

Windows Defenders.exe
Size

82KB
Sample

250129-cdpkgsxlfz
MD5

c83eee916e8a78f97511dd3bce5fd38c
SHA1

0748ee6c65a2c401b8641d39cfff57e087f62154
SHA256

c93d11c96d20e8b20cff7cd018440fa16f6601c047890c48c7e72cb5e0077e02
SHA512

de60264ce73d09266727d5b8be3cda669b8e5f2ae2c68c09dfc9e6f1cfcfc512a3abba459cd55a63bf7f0fa83136bb6d511a16ff7553813a799446faa27f5b51
SSDEEP

1536:gD9iBlgS19xE2VE8NVBxcEu6+rFanqNy7g4FY2qNlnw:gRU119rEMVAEX+4KoFRt

Score

10^/10

asyncrat xworm default persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Windows Defenders.exe

Resource

win7-20241010-en

asyncrat xworm default rat trojan

windows7-x64

15 signatures

900 seconds

Behavioral task

behavioral2

Sample

Windows Defenders.exe

Resource

win10v2004-20241007-en

asyncrat xworm default persistence rat trojan

windows10-2004-x64

19 signatures

900 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

understanding-described.gl.at.ply.gg:3953

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

C2

understanding-described.gl.at.ply.gg:3953

Attributes

Install_directory
%AppData%
install_file
scvhost.exe

Targets

- Target
  
  Windows Defenders.exe
- Size
  
  82KB
- MD5
  
  c83eee916e8a78f97511dd3bce5fd38c
- SHA1
  
  0748ee6c65a2c401b8641d39cfff57e087f62154
- SHA256
  
  c93d11c96d20e8b20cff7cd018440fa16f6601c047890c48c7e72cb5e0077e02
- SHA512
  
  de60264ce73d09266727d5b8be3cda669b8e5f2ae2c68c09dfc9e6f1cfcfc512a3abba459cd55a63bf7f0fa83136bb6d511a16ff7553813a799446faa27f5b51
- SSDEEP
  
  1536:gD9iBlgS19xE2VE8NVBxcEu6+rFanqNy7g4FY2qNlnw:gRU119rEMVAEX+4KoFRt
Score

10^/10

asyncrat xworm default rat trojan persistence
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratxwormdefaultrattrojan

behavioral2

asyncratxwormdefaultpersistencerattrojan

© 2018-2025

Terms | Privacy