General

  • Target

    NOTIFICACION_PROCESO_FISCAL.zip

  • Size

    1MB

  • Sample

    231206-3yr48agcam

  • MD5

    8425a72b33d7542a61df6128452e0bf1

  • SHA1

    ab00140888628fed62f025f22e6dde92569bfad9

  • SHA256

    42cd003d51ecbce1731e918f8e46decce104c22d65a2473206117c9067b0996c

  • SHA512

    21617ffbafdb696fc1452a043df7b53b62cd1799746a9f492a2f3da6a6261426c02c193122949721426e2f7393112be5d97ecc82597dc1a19d3cdeeb540c6506

  • SSDEEP

    49152:MTnLVUqViPaCcUJfWUAfS+2Qn5FiBXN+cHvxXZ:kUqIPa0JuUdly5FiBIqJ

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

lila152512.duckdns.org:1234

Mutex

AsyncMutex_Default

Attributes
  • delay

    3

  • install

    false

  • install_file

    poder.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      #6 NOTIFICACION PROCESO FISCAL..exe

    • Size

      20KB

    • MD5

      9329ba45c8b97485926a171e34c2abb8

    • SHA1

      20118bc0432b4e8b3660a4b038b20ca28f721e5c

    • SHA256

      effa6fcb8759375b4089ccf61202a5c63243f4102872e64e3eb0a1bdc2727659

    • SHA512

      0af06b5495142ba0632a46be0778a7bd3d507e9848b3159436aa504536919abbcacd8b740ef4b591296e86604b49e0642fee2c273a45e44b41a80f91a1d52acc

    • SSDEEP

      384:Damtvzlx5v02RIDauMTnxOn6sGCYJLW7wycJbi6jc:D7Jv0qpukxO6s6Lhbimc

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

    • Target

      Microsoft.VC80.CRT.manifest

    • Size

      1KB

    • MD5

      d34b3da03c59f38a510eaa8ccc151ec7

    • SHA1

      41b978588a9902f5e14b2b693973cb210ed900b2

    • SHA256

      a50941352cb9d8f7ba6fbf7db5c8af95fb5ab76fc5d60cfd0984e558678908cc

    • SHA512

      231a97761d652a0fc133b930abba07d456ba6cd70703a632fd7292f6ee00e50ef28562159e54acc3fc6cc118f766ea3f2f8392579ae31cc9c0c1c0dd761d36f7

    Score
    3/10
    • Target

      Microsoft.VC80.MFC.manifest

    • Size

      2KB

    • MD5

      f1bb778577cfb1e45adfbb2eaaad7f58

    • SHA1

      171b0121b165b701482f96b02e7adffd6c799fce

    • SHA256

      53b6cdab4a829674082048606a65111a2d6ac3a1b2bcfb8be34d8296590d42de

    • SHA512

      4d125d773a3dd6a0cb755b69053f7d305de03c3fa9854a87a9ecf504c23c8c37ba3fe533b0cd45762b340e6b8065d33bf7280a76376077fb734eae52f950249d

    Score
    3/10
    • Target

      Microsoft.VC80.MFCLOC.manifest

    • Size

      1KB

    • MD5

      526c8811d11c65f7ebca8d5f38421188

    • SHA1

      f964cc250e326101f636a6293ecc710761ef7ccf

    • SHA256

      571af1ea18ca3f68c321975e7b1a1146b00dfa9349d5711a30c7cf89045a6a1a

    • SHA512

      42e328781bfff24112d6d9c2a84cf2de95dc9767b8b4dd8b6de099722c236350401e483c2710196dd7092c5b9a03f65a6938dd680e5a2cbbc288a6344f950929

    Score
    1/10
    • Target

      http_dll.dll

    • Size

      883KB

    • MD5

      deac278cd34bcf4ac1596ed27a7400b5

    • SHA1

      a19cc9b06bb61efb143a6f8dd0761e0a41c36394

    • SHA256

      7eb439f5da221a3f4978131b2acfe1ac80708654e693874e0b81ccf25600e7f3

    • SHA512

      0245bf0c694f64726d72354af47b9ea3e2edec45c69705d620e526aa44eb373aff33b23803b0b1eec1b85e3de267551dcf76e5ce7514d1e9430fffd9e1b3006a

    • SSDEEP

      24576:Wzq6uStsPOf+2nVWeqnm5dVjPiV95Myq15:Oq/GbVWCP9yq15

    Score
    1/10
    • Target

      mfc80u.dll

    • Size

      1MB

    • MD5

      686b224b4987c22b153fbb545fee9657

    • SHA1

      684ee9f018fbb0bbf6ffa590f3782ba49d5d096c

    • SHA256

      a2ac851f35066c2f13a7452b7a9a3fee05bfb42907ae77a6b85b212a2227fc36

    • SHA512

      44d65db91ceea351d2b6217eaa27358dbc2ed27c9a83d226b59aecb336a9252b60aec5ce5e646706a2af5631d5ee0f721231ec751e97e47bbbc32d5f40908875

    • SSDEEP

      12288:wsaHmJ//R12t2PdMvWxMIQ1zoKyK0ivyHCJKjswl/KY6oQy3AmgVk2YDFpR7m81H:KHmJ+tKtxMIQNmCcjswl/KYh/2YFnb

    Score
    1/10
    • Target

      monokini.iso

    • Size

      517KB

    • MD5

      c86de9583cb940fc0f859b6bd80774f4

    • SHA1

      af33f62c2a9734a387638e6bf6e97dd7ad5e6732

    • SHA256

      2c83d90551a91ad60ec36a525821c4f89f41af1ceae22719189307222a8ac824

    • SHA512

      4cf971d0363a6aa62eb0cb43c9b4c3ad620ea97af26c81877d33182283c7cac5e4c5e6178869fefd46838121395261d2ceeea5e102b0db74f94bbbf846e09d42

    • SSDEEP

      12288:7wrSHsJdzh9E5Uo4ZXZRJqVXBExXRk0U8mc+jpW:lHsJdzihWJrq0DUtLjpW

    Score
    3/10
    • Target

      msvcr80.dll

    • Size

      617KB

    • MD5

      1169436ee42f860c7db37a4692b38f0e

    • SHA1

      4ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3

    • SHA256

      9382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46

    • SHA512

      e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0

    • SSDEEP

      12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo

    Score
    1/10
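The extracted configuration and the per-file hash table above are the two things a responder actually reuses from a report like this. The following triage helper is an added example, not code from the sandbox or the report: it hashes files the way the report does (MD5/SHA1/SHA256), matches them against the report's SHA256 table regardless of file name, parses the `host:port` C2 entry, and turns the AsyncRAT configuration (C2, mutex, install settings) into hunt indicators. The hash values and config fields are copied from the report; the list of dynamic-DNS suffixes beyond `duckdns.org` and the sample bytes in the usage section are assumptions added for illustration.

```python
"""Triage helper derived from the sandbox report above (added example, not
part of the original report). Hash values and configuration fields are
copied from the report; everything marked 'constructed' is not."""
import hashlib
from typing import Dict, List, Optional, Tuple

# SHA256 values copied from the report (file name -> sha256).
REPORT_SHA256: Dict[str, str] = {
    "NOTIFICACION_PROCESO_FISCAL.zip":
        "42cd003d51ecbce1731e918f8e46decce104c22d65a2473206117c9067b0996c",
    "#6 NOTIFICACION PROCESO FISCAL..exe":
        "effa6fcb8759375b4089ccf61202a5c63243f4102872e64e3eb0a1bdc2727659",
    "http_dll.dll":
        "7eb439f5da221a3f4978131b2acfe1ac80708654e693874e0b81ccf25600e7f3",
    "monokini.iso":
        "2c83d90551a91ad60ec36a525821c4f89f41af1ceae22719189307222a8ac824",
}

# Extracted AsyncRAT configuration, copied from the report's Malware Config.
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "version": "| Edit 3LOSH RAT",
    "c2": ["lila152512.duckdns.org:1234"],
    "mutex": "AsyncMutex_Default",
    "delay": 3,
    "install": False,
    "install_file": "poder.exe",
    "install_folder": "%AppData%",
}

# duckdns.org comes from the report; the other suffixes are an assumed,
# illustrative list of common dynamic-DNS providers.
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "no-ip.com", "ddns.net")


def digest(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a byte string, lower-case hex as in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(files: Dict[str, bytes],
               table: Dict[str, str] = REPORT_SHA256) -> List[Tuple[str, str]]:
    """Return (local name, report name) pairs whose SHA256 matches the
    table. Matching is by content only, so renamed droppers still hit."""
    by_hash = {h.lower(): name for name, h in table.items()}
    hits = []
    for local_name, data in files.items():
        sha256 = hashlib.sha256(data).hexdigest()
        if sha256 in by_hash:
            hits.append((local_name, by_hash[sha256]))
    return hits


def parse_c2(entry: str) -> Tuple[str, int]:
    """Split a 'host:port' C2 entry; rejects a missing host or bad port."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host, int(port)


def is_dynamic_dns(host: str) -> bool:
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def hunt_indicators(config: dict) -> dict:
    """Turn the extracted config into things to search for: C2 hosts and
    ports, the mutex, and the expected drop path when install is enabled.
    With install=false (as in this report) there is no persistent copy to
    hunt for, so install_path is None."""
    parsed = [parse_c2(c) for c in config["c2"]]
    install_path: Optional[str] = None
    if config.get("install"):
        install_path = f'{config["install_folder"]}\\{config["install_file"]}'
    return {
        "c2_hosts": [h for h, _ in parsed],
        "c2_ports": sorted({p for _, p in parsed}),
        "dynamic_dns_hosts": [h for h, _ in parsed if is_dynamic_dns(h)],
        "mutex": config["mutex"],
        "install_path": install_path,
    }


if __name__ == "__main__":
    # Constructed sample bytes; not the report's files.
    sample = {"unknown.bin": b"abc"}
    print(digest(sample["unknown.bin"]))
    print("report matches:", match_iocs(sample))
    print(hunt_indicators(ASYNCRAT_CONFIG))
```

Because `match_iocs` keys on content rather than name, the same table can be run over a mail-gateway quarantine or an endpoint file dump; `hunt_indicators` is what you feed to DNS logs (host), proxy/firewall logs (port 1234 to a duckdns.org name) and an EDR mutex search.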

MITRE ATT&CK Matrix (ATT&CK v13)
