asyncrat | 64fc3fee444a94656049101a7fd8dcb04853dc849fdc79a531794d50147aa8f2 | Triage

Submit
Reports

Overview

overview

Static

static

Anarchy Pa...er.exe

windows7-x64

Anarchy Pa...er.exe

windows10-2004-x64

Sharing

General

Target

Anarchy Panel Leaked.rar
Size

58.7MB
Sample

240807-j3h8bsvfrl
MD5

fd0eef12631af76512f23a65f4b44688
SHA1

f924c4cff15ba32520ae71bd04c2f7ebfc1ed1eb
SHA256

64fc3fee444a94656049101a7fd8dcb04853dc849fdc79a531794d50147aa8f2
SHA512

614dc34ce8da835a6c740796b7fe56973aebdaa0bc65532c94a73bab96683e1c046b8463b23b02c2669501d009a015f811470162c6006362f1cd868f1ba7a6e6
SSDEEP

1572864:k1paYmSSO/Uc8R6s7zcEmeJz43uJBKNDLLKs+XKm:6aLSefT7zcK8uJBKNLKxXKm

Score

10^/10

asyncrat stealerium stormkitty xworm persistence rat trojan

Static task

static1

stormkitty stealerium

4 signatures

Behavioral task

behavioral1

Sample

Anarchy Panel Leaked/Anarchy Loader.exe

Resource

win7-20240705-en

asyncrat xworm persistence rat trojan

windows7-x64

11 signatures

600 seconds

Behavioral task

behavioral2

Sample

Anarchy Panel Leaked/Anarchy Loader.exe

Resource

win10v2004-20240802-en

asyncrat xworm persistence rat trojan

windows10-2004-x64

12 signatures

600 seconds

Malware Config

Extracted

Family

xworm

C2

209.25.141.181:31533

Attributes

Install_directory
%Temp%
install_file
INCCHECK.exe

Targets

- Target
  
  Anarchy Panel Leaked/Anarchy Loader.exe
- Size
  
  54.7MB
- MD5
  
  5016491d1b400d431bf64bdfaa2402f2
- SHA1
  
  87c7f677cdbebefdedc3d7d975c2bb4f7725412a
- SHA256
  
  98b14faa7577d52999942de580275ecd78ef3f1e236ab52f646ceb562fce07ad
- SHA512
  
  cad0fd505e07b81540408a71e311e2e23f305a7508859d411a7b1d8d1a90547c264da4cf25c39fb0a1f33070f51bfafb42265be64affe9c4f07e61c4411d98d6
- SSDEEP
  
  1572864:r7s7RAkmum9Dio4y92UGp1DUMSoZ4XisCTK+OhiO0iQOCL:rI79hm9D54yAUs1DUBh3CTjOqiQO
Score

10^/10

asyncrat xworm persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittystealerium

behavioral1

asyncratxwormpersistencerattrojan

behavioral2

asyncratxwormpersistencerattrojan

© 2018-2024

Terms | Privacy