asyncrat | hxxps://salvador-interventions-pointing-discover[.]trycloudflare[.]com/ | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

URLScan

urlscan

1

https://salvador-int...

windows10-ltsc 2021-x64

https://salvador-int...

windows11-21h2-x64

Sharing

General

Target

https://salvador-interventions-pointing-discover.trycloudflare.com/
Sample

250221-yb993aynfk

Score

10^/10

asyncrat stealerium xworm default collection discovery execution persistence privilege_escalation rat stealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://salvador-interventions-pointing-discover.trycloudflare.com/

Resource

win10ltsc2021-20250217-en

asyncrat stealerium xworm default collection discovery execution persistence privilege_escalation rat stealer trojan

windows10-ltsc 2021-x64

34 signatures

600 seconds

Behavioral task

behavioral2

Sample

https://salvador-interventions-pointing-discover.trycloudflare.com/

Resource

win11-20250217-en

asyncrat stealerium xworm default collection discovery persistence privilege_escalation rat stealer trojan

windows11-21h2-x64

28 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

62.60.190.196:8000

Mutex

9Kl9naWliCNlyild

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

asyncrat

Botnet

Default

C2

62.60.190.196:3232

62.60.190.141:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

aes.plain

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

62.60.190.141:4056

Mutex

fagpetngyrfkiki

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  https://salvador-interventions-pointing-discover.trycloudflare.com/
Score

10^/10

asyncrat stealerium xworm default collection discovery execution persistence privilege_escalation rat stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Detect Xworm Payload
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Stealerium family
  stealerium
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Async RAT payload
  rat
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

asyncratstealeriumxwormdefaultcollectiondiscoveryexecutionpersistenceprivilege_escalationratstealertrojan

behavioral2

asyncratstealeriumxwormdefaultcollectiondiscoverypersistenceprivilege_escalationratstealertrojan

© 2018-2025

Terms | Privacy