asyncrat | a8e3cbf1921a2485a307ac0ff2536accc77bc17db386a00e8d67c5537613b321 | Triage

Submit
Reports

Overview

overview

Static

static

3

Reaper.exe

windows7-x64

Reaper.exe

windows10-2004-x64

Sharing

General

Target

Reaper.exe
Size

8.4MB
Sample

240427-fewxqsbc97
MD5

caa418507bb991b91bbfa3e52623c2f4
SHA1

9e1083e019ca8813024e1e58eac193d7a83b4b48
SHA256

a8e3cbf1921a2485a307ac0ff2536accc77bc17db386a00e8d67c5537613b321
SHA512

84e57b9c0d88e67c2ebb3ef89df82b33b4d466b663fa1b43dd0c050b140fbc986135169c8840b4d91ed5921379579a85e743cda27184172a7a7eb87156c61684
SSDEEP

196608:SRyi9wysiM2+eLNxHPZe/eAwfPjprt/VU3jZoAp/aOROsEh/cH:SRLSIr+eLDvM9YBNMrQsh

Score

10^/10

asyncrat xworm default rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Reaper.exe

Resource

win7-20240419-en

asyncrat xworm default rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Reaper.exe

Resource

win10v2004-20240426-en

asyncrat xworm default rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

L838 RAT v1.0.0

Botnet

Default

C2

127.0.0.1:54984

127.0.0.1:4449

l838.ddns.net:54984

l838.ddns.net:4449

Mutex

azjrpxchkiev

Attributes

delay
1
install
true
install_file
Windows Driver Foundation.exe
install_folder
%Temp%

aes.plain

Extracted

Family

xworm

C2

l838.ddns.net:3232

Attributes

Install_directory
%Public%
install_file
Windows Service Wrapper.exe

Targets

- Target
  
  Reaper.exe
- Size
  
  8.4MB
- MD5
  
  caa418507bb991b91bbfa3e52623c2f4
- SHA1
  
  9e1083e019ca8813024e1e58eac193d7a83b4b48
- SHA256
  
  a8e3cbf1921a2485a307ac0ff2536accc77bc17db386a00e8d67c5537613b321
- SHA512
  
  84e57b9c0d88e67c2ebb3ef89df82b33b4d466b663fa1b43dd0c050b140fbc986135169c8840b4d91ed5921379579a85e743cda27184172a7a7eb87156c61684
- SSDEEP
  
  196608:SRyi9wysiM2+eLNxHPZe/eAwfPjprt/VU3jZoAp/aOROsEh/cH:SRLSIr+eLDvM9YBNMrQsh
Score

10^/10

asyncrat xworm default rat trojan upx
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratxwormdefaultrattrojanupx

behavioral2

asyncratxwormdefaultrattrojanupx

© 2018-2024

Terms | Privacy