asyncrat | 98b14faa7577d52999942de580275ecd78ef3f1e236ab52f646ceb562fce07ad | Triage

Submit
Reports

Overview

overview

Static

static

3

Anarchy Loader.exe

windows10-2004-x64

Sharing

General

Target

Anarchy Loader.exe
Size

54.7MB
Sample

240509-1hzg9afh4z
MD5

5016491d1b400d431bf64bdfaa2402f2
SHA1

87c7f677cdbebefdedc3d7d975c2bb4f7725412a
SHA256

98b14faa7577d52999942de580275ecd78ef3f1e236ab52f646ceb562fce07ad
SHA512

cad0fd505e07b81540408a71e311e2e23f305a7508859d411a7b1d8d1a90547c264da4cf25c39fb0a1f33070f51bfafb42265be64affe9c4f07e61c4411d98d6
SSDEEP

1572864:r7s7RAkmum9Dio4y92UGp1DUMSoZ4XisCTK+OhiO0iQOCL:rI79hm9D54yAUs1DUBh3CTjOqiQO

Score

10^/10

asyncrat xworm zgrat persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Anarchy Loader.exe

Resource

win10v2004-20240426-en

asyncrat xworm zgrat persistence rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

209.25.141.181:31533

Attributes

Install_directory
%Temp%
install_file
INCCHECK.exe

Targets

- Target
  
  Anarchy Loader.exe
- Size
  
  54.7MB
- MD5
  
  5016491d1b400d431bf64bdfaa2402f2
- SHA1
  
  87c7f677cdbebefdedc3d7d975c2bb4f7725412a
- SHA256
  
  98b14faa7577d52999942de580275ecd78ef3f1e236ab52f646ceb562fce07ad
- SHA512
  
  cad0fd505e07b81540408a71e311e2e23f305a7508859d411a7b1d8d1a90547c264da4cf25c39fb0a1f33070f51bfafb42265be64affe9c4f07e61c4411d98d6
- SSDEEP
  
  1572864:r7s7RAkmum9Dio4y92UGp1DUMSoZ4XisCTK+OhiO0iQOCL:rI79hm9D54yAUs1DUBh3CTjOqiQO
Score

10^/10

asyncrat xworm zgrat persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Detect ZGRat V1
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratxwormzgratpersistencerattrojan

© 2018-2025

Terms | Privacy