asyncrat | d9a3252d8aa1ce8786fd29d68c4d77018a61c51073aaff82db00ae5355704110

Sharing

Copy URL

Twitter E-mail

General

Target

async_modified.zip
Size

32.4MB
Sample

241123-2aj82azkfy
MD5

e37fa9593121cc84aeb257f51e83f2f6
SHA1

bde5dde707a62b66edf968890af7ef49b637675f
SHA256

d9a3252d8aa1ce8786fd29d68c4d77018a61c51073aaff82db00ae5355704110
SHA512

b1c126ab96f1af551f4079a39da4059a3dab6b3ec494191469f893385f909d2361da068f15427e70c4e4447a203ea7efd225972f7647c16313bec8fb0ca5f001
SSDEEP

786432:znyVuH+IxqaCxDWQuPgRgFQ2EFk+EBX268nphPlrA6/kc5Z8ItldTet5m:zyVwLxWWmZEBXvYtlrAIkcb8eldi3m

Score

10^/10

Malware Config

Targets

- Target
  
  async_modified/AsyncRAT.exe
- Size
  
  6.1MB
- MD5
  
  2e22d85e49e70fdcb2b516fc2431ed52
- SHA1
  
  dd3384e996b35c7a4f97696246b12d11d400f595
- SHA256
  
  9588fa3988ffa70c288f0566fffe1e219c0936d5af6dce5ec8b9e1b5161331bc
- SHA512
  
  27a81170f25e5f2bb2222669e00b9fc267a15b7b2a51143cec7d4af1475bed145fedeede038d82bf2d7bc197e8caba2a54ebeca741ed3d7d7d231f1c4374d6ae
- SSDEEP
  
  196608:mxeAwpZllbJwIwOA3x/6txY0h1L4EB3zDG1w:nZllnwXcth1kWjOw
Score

7^/10

discovery
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
behavioral1 behavioral2
- Target
  
  async_modified/BackProxyUI.exe
- Size
  
  231KB
- MD5
  
  523fd9f653ad3259189fa7640d77fb16
- SHA1
  
  708a7221b4bddd0baf8038652747db9bf27c373d
- SHA256
  
  06e55e12b507868b63e615e92820dbbd947b14ccf9de521b24aee2b61e7fa6ce
- SHA512
  
  b5e5915ff3f34dd695cc99e824845394e7babb9fbde14be7a571ecbf445c5dd1c71721be9542546d09d48175befe3c894d094e015f62cedf2179642c3163016d
- SSDEEP
  
  768:Es8veUXnDGOaUppAHdVnEcxV+w4ITc79O/DGOaUppAHdVnEcxV+w4Ihc77U7:R8hDGOtmHTR49GDGOtmHTR4LM
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  async_modified/Fixer.bat
- Size
  
  141B
- MD5
  
  52ab2690a33a51804764be81820504aa
- SHA1
  
  36af53e8b27ea737c255402156c77c5f9be17aa0
- SHA256
  
  5255fa89ba49c5f1f2c81d66d42e3b16305296945683954eab1492ed11b90b4c
- SHA512
  
  95579203bd7e3f2104ad2f886b162f9938d6e371ba351b0b9c5fb5d3368d674f22f4c2ccc54aece5a9ab5f044ca9deeed63a4ad30ffd42787c54807c8396f21b
Score

1^/10
behavioral5 behavioral6
- Target
  
  async_modified/Loader.exe
- Size
  
  6.1MB
- MD5
  
  5476074640117b0175e9ee7298a1a19b
- SHA1
  
  7ad18ef6bee372f4c5e2998dd3e5eab0bebffca3
- SHA256
  
  86df18917eb18870a414629e9c1b68d3cd578ac807e19cac9c1d0ae2f873831c
- SHA512
  
  0c98eaa884a5cdaf7c880bf484755aed96dd2f201e26cae7ff977b1291f18d6d6a1103fd92b8448ccc63c9b2e9a51484684840f053336a9ff7a8eeb69da3bf60
- SSDEEP
  
  196608:Y5eiyJytyj0+JsVU3VPr0yuGjtcFRfDSP4bv:YJsytyj0+JskFuGjQW4b
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  async_modified/Plugins/AVRemoval.dll
- Size
  
  1.5MB
- MD5
  
  3845dddd404c0c63362d992799e6aa52
- SHA1
  
  cffa46dee2794c83ec5c8ce0e4d59bb865fb1a61
- SHA256
  
  b01833a30794a8a760c57afc9bf2ca00dd903a55368f599c15c1e0ea0ceac405
- SHA512
  
  be13ea366148ebeadf6a5443ef551941dd4f0ace7feb55da1a65d08bc39f63d6cfa55cd7bf7b4781c5333085399881b6edd54b5770e5a49a80314bb308fbaa5f
- SSDEEP
  
  24576:Zt+1CUIPT6MhaO5s8f7j6NPCq5YyElo3Tych+l4QTQqBde0Pltfkq3yz+BIOh8y/:Z01sPT6Mhg8f7eNPP5YyElKjh+l9TfBb
Score

1^/10
behavioral10 behavioral9
- Target
  
  async_modified/Plugins/All-In-One.dll
- Size
  
  4.8MB
- MD5
  
  03a25672d87d548d83583bf8439ac484
- SHA1
  
  cc312c1e59581c954a4a12cb423f4ad48d2c083b
- SHA256
  
  885c7e9c48df5fbf4ed256e973a05b88f765be78a6f298564f44d668766f540f
- SHA512
  
  fc095f1d05c5ef70093d25d019b91160b1488026ac19863dcc5f73bbeb841500c7346e3410471dc796e3f66275641a4c9f68751a0b4fdf1afcd3b79f1f317ea7
- SSDEEP
  
  98304:SB1tvPBOw0JefVfQ2a5cFd4KssODtdjF9QORkChiDC9OtH7c2iwGx:atnz0kfVo26WsdjFPRkC8C9OH7c2il
Score

1^/10
behavioral11 behavioral12
- Target
  
  async_modified/Plugins/AnyDesk.exe
- Size
  
  3.8MB
- MD5
  
  fe61cd9e702ec1208c13350c00f0732c
- SHA1
  
  379520c1ad0541d5a30f214e15b7c8bff6766f9f
- SHA256
  
  580f6a285c6c3b7238bd16e1aeb62a077ae44b5061a2162e9fd6383af59028bb
- SHA512
  
  504e581026719b31555f0131bbaf9d5655c8955d9382cc53688873295d393028987032bdfccef09cf42e16ea51f8f8bf91543585b2754d5827d7b29325540cab
- SSDEEP
  
  98304:RSExf+1CnXTxQ9LDj6eblG+L9nDHPdQod:RScf+8nXdQvPtL97dPd
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  async_modified/Plugins/Chat.dll
- Size
  
  116KB
- MD5
  
  8d7f8e86033d95669ec3fe39b66aa230
- SHA1
  
  4cdd25dadaa3bbee842b91cc0563704ee0a9363b
- SHA256
  
  7904bfc93da065336773c52db564dea19b6e8b1a85f3a49e90dd1181bce974b6
- SHA512
  
  a89a2c46db432aaf3d118eb66290a5d92b94cf7b2a0ae640039f2751c443d0da069119f4b51e258b7eb895d2b34f2a96c55de2cd2259b5f8f5b7b04e1f521f26
- SSDEEP
  
  1536:Wpur+UuOKC72wBxD/nTGNBd/+5ukHM+hb8bGsCFLirl7ZleeMmeOmsYaBw:IkuQ2w76Bd/7kHM+1Ml7Zg+eOhI
Score

1^/10
behavioral15 behavioral16
- Target
  
  async_modified/Plugins/ChromiumCookies.dll
- Size
  
  407KB
- MD5
  
  3109329b71b699092357c4e0e9a3baaa
- SHA1
  
  135a051fedadf020db3b96577c173b95484d46d6
- SHA256
  
  faba75470162f56dc4bf1f8416152ba51b78461f0bd5bc1ee1308808036f2efd
- SHA512
  
  ac209269ea12e32fbc4fdcbe08574bb3b4db506ce8809e8bf7c73dcec877c1c28529a4e13b0101bf3727ff839ebb12d25261ab1cb4d975c8165ffc53e944a702
- SSDEEP
  
  12288:qvjlPSG37QRGdtTFu66k9r1aaC7KEjKcpMt:qLhSG37E8Hu6ZrvCWEyt
Score

1^/10
behavioral17 behavioral18
- Target
  
  async_modified/Plugins/DicordTokens.dll
- Size
  
  6KB
- MD5
  
  07efb5382b5ed32926c532b1c15de7e3
- SHA1
  
  d193fbbbd56ffb58e74de86b74cea7f91393edce
- SHA256
  
  6b93944e95b293f6f2b8e7ece92634adf0600bfbfa66d757cc937585af279baf
- SHA512
  
  5ba7f0a6a87dc2e6e170aaaa42e625d78b415e73b4fb17095d3895105429d9d63cbb91cd963a9a573b51deee5256351785f70e7522a48fab7ca16e82d5721ff3
- SSDEEP
  
  48:6qIfKD54TAfAV6Pj5zJIp3+IwF6TWQhPEhN8gV8nNMAcx3ndn2scx05x0YHq8lxU:l4PAj5zU3CFuthPQmqrC0v0sq8lbJ
Score

1^/10
behavioral19 behavioral20
- Target
  
  async_modified/Plugins/DotNetZip.dll
- Size
  
  165KB
- MD5
  
  050de1b527dd6693006cb92a241d9752
- SHA1
  
  b24bfb87d146e1b810176cdbecfefd1d0ea4454f
- SHA256
  
  2cc31edcb6a5fe043f5aaeffa13f81eab05a0a5e3d08a2fc04beaa37cd65abb6
- SHA512
  
  4bd49fdf611110ceabc3c1076b2690440d139836bfd5f69af0697dcab67248f191056676468408d269e07b01e9281d14bf0dfbcd6117052bd6454f20b301e8ac
- SSDEEP
  
  3072:N6T/gqXKq8KVCx80ARiPlq9IWUY1jXLY+Vw56ctHGRPeI/Kh73WmqcSCJLeKg2XP:Nc/gqXKq8+RigIWU+Ydm0UA
Score

1^/10
behavioral21 behavioral22
- Target
  
  async_modified/Plugins/Extra.dll
- Size
  
  117KB
- MD5
  
  192056a14892cc083081eb4062a646d7
- SHA1
  
  9ea2fcaf5ee813d7fb4b6bdb13557d45237b8255
- SHA256
  
  b48bb6f491fc5670406007e48fc4f11796922ac62898b1840fc72b95df010989
- SHA512
  
  7bb89b1fbcd781a60586730a580e895a4a1cac3f8c8905b2e1f39513efd260f17f0a66222069dfa404028103c74d6fda6fbb871581dd5147024e56ca5eebf9e0
- SSDEEP
  
  3072:ltFSzqhTg41IIpgytoZgzeyP9miI074VhLZn:xwbgv6ytouz7P9pIAS
Score

1^/10
behavioral23 behavioral24
- Target
  
  async_modified/Plugins/FPLCookies.dll
- Size
  
  285KB
- MD5
  
  bd86c909d395275df32bf700e29b4eb0
- SHA1
  
  756d3f434e1d940400c1a694844d07fbbae51309
- SHA256
  
  0702756fe06f739365e6a9672995d35c63f6293dba0c77f1e8e03abe231f9fb5
- SHA512
  
  5c225bfe00045baf0b49ddaedf0dae94b44c67516a943a794c18ac7f0ef4d0d079e156736d8b1e1d82f5cbeeb11a9936f2eb59b42103d0681ae8a9cc53db8841
- SSDEEP
  
  6144:QcyLHRd719AReQ97ryOBgtdDzpwodwVWvx2ra:QLRd71iz97ryOUdDzpdV
Score

1^/10
behavioral25 behavioral26
- Target
  
  async_modified/Plugins/FileManager.dll
- Size
  
  137KB
- MD5
  
  2be5c2a496f585c54653b9b918be5508
- SHA1
  
  da8ee7e95a58e2c41900e35592aa85cda54d49a1
- SHA256
  
  66395d5bb53e4c665b13b178b891cf4202996926536211b1933ae849daff9f16
- SHA512
  
  98b4ae1460dca9ab9a3dbabd944691aaa1e301b3f4fe78d176c7ec859919be779d3a3a1c4c87f84cf69f29477e7a13b09ca70ae2710f17adfd0aba28bc5d2778
- SSDEEP
  
  3072:Oeu+BYK043WlcPx7xSu/VcBTlXbI+ADx0QE8:OeuI0zlwx7bVyXb07E
Score

1^/10
behavioral27 behavioral28
- Target
  
  async_modified/Plugins/FileSearcher.dll
- Size
  
  232KB
- MD5
  
  86a21d5685937f8819cf9cb9dc062bd6
- SHA1
  
  978978d624c6811290bbaf94bd07e7dfd8b777d7
- SHA256
  
  8f36c597ac2ff480c5911bf8af83dbe7562261019108d860ff9e90165ad4497c
- SHA512
  
  405e8291acf1b4fefccf455655fb5c740f812373430ea5f893ca7cb40b9aebe63d4e0ed22bd0163cd9494d80fe768cb1e41d691f90b6652edf704d07ee0f8a9f
- SSDEEP
  
  3072:kyw8i6LOaqxA25Zrl6kEtLV9cGGaSHMdcvIe3NFJutuI0CSXVGB9yDXcfFUsBc:Y85SfZkNcGHSsdqjJiulCcVWiSUs
Score

1^/10
behavioral29 behavioral30
- Target
  
  async_modified/Plugins/Getscreen.dll
- Size
  
  4.9MB
- MD5
  
  a7acd175e54aef8c3e9aae19846d00f3
- SHA1
  
  075ec8e05670d55338fb53b21f404d56f674f4c0
- SHA256
  
  231a6610f8bd0b5d3014a2e1322274290760349bf73880af7cf9e552d8c1b9a1
- SHA512
  
  2160282163bfeee764c5da209dd2026cfc1d5759c99da71fbf7921b950eaa4ad7d343c6309b5adc89c1f47080a22de7fb2bc78ec77cae0c3d69336e65953a83c
- SSDEEP
  
  98304:33bfwQYhbS5dx3ekCouTcI7uJTkAB6OdaU6azxvSIMXwyE/:335Kor3uouTc9T96OdxNauyE
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

.NET Reactor proctector

Detect Xworm Payload

Xworm

Xworm family

.NET Reactor proctector

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32