General

  • Target

    PROCESO JURIDICO DOC (1).rev

  • Size

    1.2MB

  • Sample

    231116-dctngsfc38

  • MD5

    69b2808f0f2ee355e2e09ab5e88d45f6

  • SHA1

    a7e80c5dac318d4d91635262d28cf56aab459f32

  • SHA256

    70e66269fdda2a652f36ab5f210fca880072caeb0351511526f830bea0ea4da7

  • SHA512

    4d2fab711f79dc0abbb8becbf0fc3280205092b5db540dd4ffbfce57f4993e3647bd204d338c10a9d4c7a8f0c2bdbb800d789ac51dbcaa56f9b046b849093c22

  • SSDEEP

    24576:GFS6iLzFA9HEcqqjnQmSGAcJQbKlg5bal+KNzXVhKzfSVbadnmFeVvUXLv:olim9HEKngncJQbKrMMFSfYbAYeVvsv

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

TRACKMONEY

C2

trackmoney.dynuddns.net:5959

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PROCESO JURIDICO DOC (1).rev

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
