General
Tasks: static1 (Static task), urlscan1 (URLScan task)
Malware Config

Extracted
Family: xworm
C2: super-nearest.gl.at.ply.gg:17835, best-bird.gl.at.ply.gg:27196
Attributes:
  Install_directory: %ProgramData%

Extracted
Family: quasar
Version: 3.1.5
Botnet: Slave
C2: stop-largely.gl.at.ply.gg:27116
Mutex: $Sxr-kl1r656AGsPQksTmi8
Attributes:
  encryption_key: WyBm1iVkHZmEnGPMAZWV
  install_name: $phantom.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: $phantomSTARTUP~MSF
  subdirectory: $phantom

Extracted
Family: asyncrat
Botnet: Default
C2: finally-grande.gl.at.ply.gg:25844
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
  aes.plain

Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 147.185.221.205:52809
Mutex: FANTA~69
Attributes:
  delay: 1
  install: false
  install_file: Update.exe
  install_folder: %AppData%
  aes.plain

Extracted
Family: quasar
Attributes:
  reconnect_delay: 3000
Targets

Target: https://github.com/runderzer0/Venom-Crypter/releases/download/built/Release.zip
Signatures:
  Detect Xworm Payload
  Quasar payload
  Async RAT payload
  Executes dropped EXE
  Loads dropped DLL
  Legitimate hosting services abused for malware hosting/C2