asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

Anarchy Panel Leaked.rar
Size

58.7MB
Sample

240807-j1n1ssycke
MD5

fd0eef12631af76512f23a65f4b44688
SHA1

f924c4cff15ba32520ae71bd04c2f7ebfc1ed1eb
SHA256

64fc3fee444a94656049101a7fd8dcb04853dc849fdc79a531794d50147aa8f2
SHA512

614dc34ce8da835a6c740796b7fe56973aebdaa0bc65532c94a73bab96683e1c046b8463b23b02c2669501d009a015f811470162c6006362f1cd868f1ba7a6e6
SSDEEP

1572864:k1paYmSSO/Uc8R6s7zcEmeJz43uJBKNDLLKs+XKm:6aLSefT7zcK8uJBKNLKxXKm

Score

10^/10

Malware Config

Extracted

Family

xworm

209.25.141.181:31533

Attributes

Install_directory
%Temp%
install_file
INCCHECK.exe

Targets

- Target
  
  Anarchy Panel Leaked.rar
- Size
  
  58.7MB
- MD5
  
  fd0eef12631af76512f23a65f4b44688
- SHA1
  
  f924c4cff15ba32520ae71bd04c2f7ebfc1ed1eb
- SHA256
  
  64fc3fee444a94656049101a7fd8dcb04853dc849fdc79a531794d50147aa8f2
- SHA512
  
  614dc34ce8da835a6c740796b7fe56973aebdaa0bc65532c94a73bab96683e1c046b8463b23b02c2669501d009a015f811470162c6006362f1cd868f1ba7a6e6
- SSDEEP
  
  1572864:k1paYmSSO/Uc8R6s7zcEmeJz43uJBKNDLLKs+XKm:6aLSefT7zcK8uJBKNLKxXKm
Score

3^/10
behavioral1 behavioral2
- Target
  
  Anarchy Panel Leaked/Anarchy Loader.exe
- Size
  
  54.7MB
- MD5
  
  5016491d1b400d431bf64bdfaa2402f2
- SHA1
  
  87c7f677cdbebefdedc3d7d975c2bb4f7725412a
- SHA256
  
  98b14faa7577d52999942de580275ecd78ef3f1e236ab52f646ceb562fce07ad
- SHA512
  
  cad0fd505e07b81540408a71e311e2e23f305a7508859d411a7b1d8d1a90547c264da4cf25c39fb0a1f33070f51bfafb42265be64affe9c4f07e61c4411d98d6
- SSDEEP
  
  1572864:r7s7RAkmum9Dio4y92UGp1DUMSoZ4XisCTK+OhiO0iQOCL:rI79hm9D54yAUs1DUBh3CTjOqiQO
Score

10^/10

asyncrat xworm persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  Anarchy Panel Leaked/Anarchy Panel.exe.config
- Size
  
  3KB
- MD5
  
  3d441f780367944d267e359e4786facd
- SHA1
  
  d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5
- SHA256
  
  49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9
- SHA512
  
  5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Anarchy Panel Leaked/Plugins/0guo3zbo66fqoG.dll
- Size
  
  78KB
- MD5
  
  e4ebcf76ff80ef398d3ab77d577f4c08
- SHA1
  
  cb9e6b30a63d50ae87610f6855b64abfb25691d2
- SHA256
  
  9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5
- SHA512
  
  8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01
- SSDEEP
  
  1536:+gqK9OLThWUkwSOykrJROOwj5vCSnVcnwwxu8NMsuS73O4VKid/:1OBX/xFwj5vCSnSwwjNH3O4xd
Score

1^/10
behavioral7 behavioral8
- Target
  
  Anarchy Panel Leaked/Plugins/59Zp7paEHDF7luJ.dll
- Size
  
  4.0MB
- MD5
  
  15e3d44d37439f3ac8574ac1c9789ec2
- SHA1
  
  bb3ef30e9f4496198f412738579966210ade36e0
- SHA256
  
  5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5
- SHA512
  
  ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1
- SSDEEP
  
  24576:L2RBtpr5ljLyeVKbed1BeaPc9oFf/V5V4IeDHRbtg58jVh6zBRkM8eJkhjpSLZFb:L2jXr5ZtVKYzX/LV4k58M8eJkhj
Score

1^/10
behavioral10 behavioral9
- Target
  
  Anarchy Panel Leaked/Plugins/CjETR6GpGXqM.dll
- Size
  
  395KB
- MD5
  
  b0fc0ba80f8ec9586ff397412c512d9f
- SHA1
  
  0f6051b71b715a47be1fa16683201413905629a3
- SHA256
  
  13db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234
- SHA512
  
  222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d
- SSDEEP
  
  6144:BH8ns56MGHSsdqjJiulCcVWiUpG9kxwrIfUKa:kjjSsAjAuYcVWxpG9ia
Score

1^/10
behavioral11 behavioral12
- Target
  
  Anarchy Panel Leaked/Plugins/EVa7gBMKoaHmLC.dll
- Size
  
  170KB
- MD5
  
  64a3d908b8a5feff2bccfc67f3a67dbd
- SHA1
  
  a17d7e5fa57c99a067cac459cb507b625dac254e
- SHA256
  
  6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
- SHA512
  
  66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc
- SSDEEP
  
  3072:/bFHKx2Vpgdk6BCNs19kPVoPsb7oR4ZkvEfxMxf4t8BkVb0Uc:/TVpgdkpNs19I6Pe7oR4ZAEfx+LiVb
Score

1^/10
behavioral13 behavioral14
- Target
  
  Anarchy Panel Leaked/Plugins/FBSyChwp.dll
- Size
  
  170KB
- MD5
  
  0d41ccfaa8e7ef96248b8270d1a44d08
- SHA1
  
  6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326
- SHA256
  
  0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3
- SHA512
  
  a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e
- SSDEEP
  
  3072:OXwOuoHBhyYr+x5IA+1gUtaEKJ8px4e1hkamm9RyxLeN/dIfMU+:awOuYr05T+KUtaEKJ8px4e1RmqRydeNd
Score

1^/10
behavioral15 behavioral16
- Target
  
  Anarchy Panel Leaked/Plugins/G3nl0mDcABnDuZ.dll
- Size
  
  177KB
- MD5
  
  97b8bec4c47286e333cc2bedacf7338e
- SHA1
  
  764bbd0307924b71ca89538b42996208d10c9b91
- SHA256
  
  060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de
- SHA512
  
  a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf
- SSDEEP
  
  3072:EaEk8xLhWuo2alMFVxzPUBvRNHosrO0/1gRR0foQPssGeWSz89:EaEk8PRo2al0DzPUxvHtrN1gROffPfGl
Score

1^/10
behavioral17 behavioral18
- Target
  
  Anarchy Panel Leaked/Plugins/KNTmoSnG.dll
- Size
  
  670KB
- MD5
  
  738c096a9bc38e21a9aa59ebc356c80d
- SHA1
  
  139756ad201a537461a6bb8524a4b89a63b1b1b9
- SHA256
  
  300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0
- SHA512
  
  294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2
- SSDEEP
  
  12288:SMmHl7LUg++x95WlkM9qgrXCEhUhWiUQpTQCyXZj3vlDV+z9BI2NHvfJa1tzh66w:AHl7LUmx902M9qgrXOUQpTQC1m
Score

1^/10
behavioral19 behavioral20
- Target
  
  Anarchy Panel Leaked/Plugins/PK0TcnqTGFagQTS.dll
- Size
  
  174KB
- MD5
  
  fa90a2aee0d172000257c4faca31237c
- SHA1
  
  b317281b4acaaf1d7b7255c5e92887322abae892
- SHA256
  
  991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49
- SHA512
  
  b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405
- SSDEEP
  
  3072:Z60dHpQssTFrcpvZFlOJA3YCVbbME5f8YpIVbltkksqBRbRw:xPsZcpvZFlOJA3VVbbME5f7pIVbTkkZJ
Score

1^/10
behavioral21 behavioral22
- Target
  
  Anarchy Panel Leaked/Plugins/RssCnLKcGRxj.dll
- Size
  
  181KB
- MD5
  
  f6808c4fbbe0275db03b2cc5b4c2bc0d
- SHA1
  
  e40b61c64c68f72fc5144f5057d54229babdecf8
- SHA256
  
  e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248
- SHA512
  
  f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4
- SSDEEP
  
  3072:P1F3B6k7/u/cVnvqtXEIGyv5LBPcwk4V9KIgBH/cNw5/UzUYNv:P1F0kDu/+WX8yhLBPcwk4SIgBH/Yw58P
Score

1^/10
behavioral23 behavioral24
- Target
  
  Anarchy Panel Leaked/Plugins/WkUP83aP9CABpi.dll
- Size
  
  86KB
- MD5
  
  8dbfb67c059aa59f7c53e20ef6740363
- SHA1
  
  3de96e7f48ee7647f5a7c2efb68cbd914bc78364
- SHA256
  
  a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2
- SHA512
  
  70aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d
- SSDEEP
  
  1536:ulBCsewAj5RhvBY/0g/+DP0yUXEVg+g6SAKJMT05eUv:6CsewGdvBsjmwj6g+g6SA+MT05eU
Score

1^/10
behavioral25 behavioral26
- Target
  
  Anarchy Panel Leaked/Plugins/eMTYbTz0gueNs4.dll
- Size
  
  1.1MB
- MD5
  
  5dfbcfbbf9e2ae7db23e252808699ffb
- SHA1
  
  a1d429292fe73aeb5abab10304e1ae8c1262b26d
- SHA256
  
  929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c
- SHA512
  
  9ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09
- SSDEEP
  
  12288:s9StwoSI6P2FNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbS:tZSFPMWOe0jywNMB9ccFd7mZg4
Score

1^/10
behavioral27 behavioral28
- Target
  
  Anarchy Panel Leaked/Plugins/fzAgyDYa.dll
- Size
  
  79KB
- MD5
  
  a5770798b7a6465f5b5a8c19d7d707ee
- SHA1
  
  ca67e9591d2f757cbbfacb55f27aec6485b10ee6
- SHA256
  
  f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119
- SHA512
  
  64da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc
- SSDEEP
  
  768:VARgmh4b8mzujnHzq+pu57BSsdIPn7rDVNS5z4TyEWkZI9aJ+G247U33fEqtHzWT:VogClTToxxeq6ZXwvEqZaXcI
Score

1^/10
behavioral29 behavioral30
- Target
  
  Anarchy Panel Leaked/Plugins/mGWHaG2Jn.dll
- Size
  
  81KB
- MD5
  
  8f98206f577160f950d456d1190c8d32
- SHA1
  
  defced38fce00775c4616b420fa674d77f946eff
- SHA256
  
  2bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324
- SHA512
  
  432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91
- SSDEEP
  
  1536:xDj7e8U5/QWCwxi4ao02nK20TSMErl4D/D:xDj7e9/xxi4ao02nK20TnErl4/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm

.NET Reactor proctector

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32