Resubmissions

06-10-2023 17:17

231006-vtvqjsef4v 5

05-10-2023 04:20

231005-ex7aragf4w 10

General

  • Target

    Re JUZGADO 002 LABORAL DEL CIRCUITO - NOTIFICACIÓN DENUNCIA LABORAL ADMINISTRATIVO POR INCUMPLIMIENTO..eml

  • Size

    198KB

  • Sample

    231005-ex7aragf4w

  • MD5

    8763e44e3877ed4e503a69872c03a765

  • SHA1

    5a2a5c852bb83dbefb1088f836fedb79bfa0c5bd

  • SHA256

    935f2ed3787ddce80823c6f0e513c1a5865e87edf2c9597994e43c6ceb104ad1

  • SHA512

    7cf1be7a3ef6a392558dab270b7c083c9cacd06a48d8f9e07d8f7bab29729e32fbc9763749499f009090e275e59b9368de55ff077e9b4bd89ab7c138cdb3c3a7

  • SSDEEP

    3072:kXSuG3PsYtx7hPuUzAj+takLgdlbV2qcPimD0UOi+ksPnspTA8pmVkY2POJM:kXSuG3PF9BaYgdQuoPgspTAQY2POJM

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

paisaloro.kozow.com:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks