General
-
Target
IMG-203857623895728935728935872 CONFIRMACION DE CONSIGNACION EXITOSA EL DIA 25 DE NOVIEMBRE DEL 2022.exe
-
Size
310KB
-
Sample
221125-zdtwjagd3s
-
MD5
0d4285c801baec1bbc17354f4914fc57
-
SHA1
248901667b4ce7a90e156ae51a3674dfed09d61b
-
SHA256
da25fa6c320d11fefa4fb2fb6550e53048b91660a616978067e1d10fd10bbf67
-
SHA512
6c248b3bc6bcbfc044b082469ead71ec3fad2668f49f2c5b7b1eb2dc14540a7246215740cbaede00f20cf4146a5757fa4b5105f652e3ac622e705406afbbd9b6
-
SSDEEP
6144:MXoSLdXaeE8VljqIHW8e8S7znoD7FLHHsf3ACLF2qV018iAJZJqRadVAiWvc7:M7ae7bqWWVoDhjeACx2qq1V2MgQU7
Static task
static1
Behavioral task
behavioral1
Sample
IMG-203857623895728935728935872 CONFIRMACION DE CONSIGNACION EXITOSA EL DIA 25 DE NOVIEMBRE DEL 2022.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
IMG-203857623895728935728935872 CONFIRMACION DE CONSIGNACION EXITOSA EL DIA 25 DE NOVIEMBRE DEL 2022.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
1.0.7
Default
roberurrutialora09.duckdns.org:1994
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
Score
10/10
-
Async RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-