General

  • Target

    Transferencias y Pagos 1 de enero de 2023_2584844.chm

  • Size

    59KB

  • Sample

    230106-y292zsbf92

  • MD5

    4b0ddfb26d2743bad226a1d431a4767e

  • SHA1

    ed952757eb6a27af4f2d329f6bffe8f7d59b1342

  • SHA256

    971a53dd3d17c44c1f4b21e33c0c161aed411ebb8c4d7f5a47c3cc68849340a5

  • SHA512

    352b4a880b5ba094c48321fb9947db8dce2dc36a171ff50d974c1fecc8fbd1b57f9d0d9129559d50bc567940f876e3fbbc5ca7ce16b29aac277de67f5bccc7fa

  • SSDEEP

    1536:qNjgIR+aaZwWIYu8jSiygsYys4WwWT/6b3+Pq/NuTpkZk2Gt:ojnR+hNxWiygZysFwWNSNCR2Gt

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs

    hta.dropper: https://skynetx.com.br/atendimento.htm

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://skynetx.com.br/2023.microsoft

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2023_CDT

C2


Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    DesbravadorUpdata.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks