General

  • Target

    03 NOTIFICACION PROCESO FISCAL.REV

  • Size

    1.2MB

  • Sample

    231114-z9xx3ahd3s

  • MD5

    1359abbbd742ef0bc4d4919a36518ac4

  • SHA1

    d1621ed2e97fb165ed13b9498bd60a396858c68d

  • SHA256

    b56ee8c6ddea46fbc5909302712cc75a310db3189ed314b812428b30b488a429

  • SHA512

    a17f78c4af26f78be8a6660bce71b20b292bd8ca6029c3a95ab85cbe3c8fc4d6a92e517118999926f406d4b79c1d83a114fd607a72ea4a422a8d4c03787ebcbd

  • SSDEEP

    24576:ne0zf2fpZypjFvgHkZgEGZsoVWR3rHKY6vQS2+Obedy90y0PiFikTw4:e0Kyp2HkiESsoVWR3rq7vQ9+Obedy21Q

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Clientes

C2

noescorrecto2023.kozow.com:2021

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      03 NOTIFICACION PROCESO FISCAL/03 NOTIFICACION PROCESO FISCAL....exe

    • Size

      20KB

    • MD5

      9329ba45c8b97485926a171e34c2abb8

    • SHA1

      20118bc0432b4e8b3660a4b038b20ca28f721e5c

    • SHA256

      effa6fcb8759375b4089ccf61202a5c63243f4102872e64e3eb0a1bdc2727659

    • SHA512

      0af06b5495142ba0632a46be0778a7bd3d507e9848b3159436aa504536919abbcacd8b740ef4b591296e86604b49e0642fee2c273a45e44b41a80f91a1d52acc

    • SSDEEP

      384:Damtvzlx5v02RIDauMTnxOn6sGCYJLW7wycJbi6jc:D7Jv0qpukxO6s6Lhbimc

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

    • Target

      03 NOTIFICACION PROCESO FISCAL/http_dll.dll

    • Size

      883KB

    • MD5

      cadf7396c40b8d174575bb15f2482634

    • SHA1

      0af8c02b178cd7ff57d3c07993dcced4d175078f

    • SHA256

      d2b96401dbc69221398394bead4d14d56b11edfa8d62e9e56e7bbebaad1a9e8a

    • SHA512

      82f14790c4298dc0c31e79444651e8afe9da21e42860025328524eabd5f7c6eedfffcc4bf99690ea0ff9bcad4e5aa2cd5bf2e411eed534c154cc3bdbe5e98a3c

    • SSDEEP

      24576:Wzq6uStsPOf+2nVWeqnm5dVjPiV95ayq15:Oq/GbVWCPjyq15

    Score
    1/10
    • Target

      03 NOTIFICACION PROCESO FISCAL/mfc80u.dll

    • Size

      1.0MB

    • MD5

      686b224b4987c22b153fbb545fee9657

    • SHA1

      684ee9f018fbb0bbf6ffa590f3782ba49d5d096c

    • SHA256

      a2ac851f35066c2f13a7452b7a9a3fee05bfb42907ae77a6b85b212a2227fc36

    • SHA512

      44d65db91ceea351d2b6217eaa27358dbc2ed27c9a83d226b59aecb336a9252b60aec5ce5e646706a2af5631d5ee0f721231ec751e97e47bbbc32d5f40908875

    • SSDEEP

      12288:wsaHmJ//R12t2PdMvWxMIQ1zoKyK0ivyHCJKjswl/KY6oQy3AmgVk2YDFpR7m81H:KHmJ+tKtxMIQNmCcjswl/KYh/2YFnb

    Score
    1/10
    • Target

      03 NOTIFICACION PROCESO FISCAL/msvcr80.dll

    • Size

      617KB

    • MD5

      1169436ee42f860c7db37a4692b38f0e

    • SHA1

      4ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3

    • SHA256

      9382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46

    • SHA512

      e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0

    • SSDEEP

      12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo

    Score
    1/10
