General
-
Target
NOTIFICACION_PROCESO_FISCAL.zip
-
Size
1.6MB
-
Sample
231206-3yr48agcam
-
MD5
8425a72b33d7542a61df6128452e0bf1
-
SHA1
ab00140888628fed62f025f22e6dde92569bfad9
-
SHA256
42cd003d51ecbce1731e918f8e46decce104c22d65a2473206117c9067b0996c
-
SHA512
21617ffbafdb696fc1452a043df7b53b62cd1799746a9f492a2f3da6a6261426c02c193122949721426e2f7393112be5d97ecc82597dc1a19d3cdeeb540c6506
-
SSDEEP
49152:MTnLVUqViPaCcUJfWUAfS+2Qn5FiBXN+cHvxXZ:kUqIPa0JuUdly5FiBIqJ
Static task
static1
Behavioral task
behavioral1
Sample
#6 NOTIFICACION PROCESO FISCAL..exe
Resource
win10v2004-20231127-es
Behavioral task
behavioral2
Sample
Microsoft.VC80.CRT.manifest
Resource
win10v2004-20231127-es
Behavioral task
behavioral3
Sample
Microsoft.VC80.MFC.manifest
Resource
win10v2004-20231130-es
Behavioral task
behavioral4
Sample
Microsoft.VC80.MFCLOC.xml
Resource
win10v2004-20231201-es
Behavioral task
behavioral5
Sample
http_dll.dll
Resource
win10v2004-20231127-es
Behavioral task
behavioral6
Sample
mfc80u.dll
Resource
win10v2004-20231130-es
Behavioral task
behavioral7
Sample
monokini.iso
Resource
win10v2004-20231201-es
Behavioral task
behavioral8
Sample
msvcr80.dll
Resource
win10v2004-20231130-es
Malware Config
Extracted
asyncrat
3LOSH RAT
Default
lila152512.duckdns.org:1234
AsyncMutex_Default
-
delay
3
-
install
false
-
install_file
poder.exe
-
install_folder
%AppData%
Targets
-
-
Target
#6 NOTIFICACION PROCESO FISCAL..exe
-
Size
20KB
-
MD5
9329ba45c8b97485926a171e34c2abb8
-
SHA1
20118bc0432b4e8b3660a4b038b20ca28f721e5c
-
SHA256
effa6fcb8759375b4089ccf61202a5c63243f4102872e64e3eb0a1bdc2727659
-
SHA512
0af06b5495142ba0632a46be0778a7bd3d507e9848b3159436aa504536919abbcacd8b740ef4b591296e86604b49e0642fee2c273a45e44b41a80f91a1d52acc
-
SSDEEP
384:Damtvzlx5v02RIDauMTnxOn6sGCYJLW7wycJbi6jc:D7Jv0qpukxO6s6Lhbimc
-
Async RAT payload
-
Suspicious use of SetThreadContext
-
-
-
Target
Microsoft.VC80.CRT.manifest
-
Size
1KB
-
MD5
d34b3da03c59f38a510eaa8ccc151ec7
-
SHA1
41b978588a9902f5e14b2b693973cb210ed900b2
-
SHA256
a50941352cb9d8f7ba6fbf7db5c8af95fb5ab76fc5d60cfd0984e558678908cc
-
SHA512
231a97761d652a0fc133b930abba07d456ba6cd70703a632fd7292f6ee00e50ef28562159e54acc3fc6cc118f766ea3f2f8392579ae31cc9c0c1c0dd761d36f7
Score 3/10 -
-
-
Target
Microsoft.VC80.MFC.manifest
-
Size
2KB
-
MD5
f1bb778577cfb1e45adfbb2eaaad7f58
-
SHA1
171b0121b165b701482f96b02e7adffd6c799fce
-
SHA256
53b6cdab4a829674082048606a65111a2d6ac3a1b2bcfb8be34d8296590d42de
-
SHA512
4d125d773a3dd6a0cb755b69053f7d305de03c3fa9854a87a9ecf504c23c8c37ba3fe533b0cd45762b340e6b8065d33bf7280a76376077fb734eae52f950249d
Score 3/10 -
-
-
Target
Microsoft.VC80.MFCLOC.manifest
-
Size
1KB
-
MD5
526c8811d11c65f7ebca8d5f38421188
-
SHA1
f964cc250e326101f636a6293ecc710761ef7ccf
-
SHA256
571af1ea18ca3f68c321975e7b1a1146b00dfa9349d5711a30c7cf89045a6a1a
-
SHA512
42e328781bfff24112d6d9c2a84cf2de95dc9767b8b4dd8b6de099722c236350401e483c2710196dd7092c5b9a03f65a6938dd680e5a2cbbc288a6344f950929
Score 1/10 -
-
-
Target
http_dll.dll
-
Size
883KB
-
MD5
deac278cd34bcf4ac1596ed27a7400b5
-
SHA1
a19cc9b06bb61efb143a6f8dd0761e0a41c36394
-
SHA256
7eb439f5da221a3f4978131b2acfe1ac80708654e693874e0b81ccf25600e7f3
-
SHA512
0245bf0c694f64726d72354af47b9ea3e2edec45c69705d620e526aa44eb373aff33b23803b0b1eec1b85e3de267551dcf76e5ce7514d1e9430fffd9e1b3006a
-
SSDEEP
24576:Wzq6uStsPOf+2nVWeqnm5dVjPiV95Myq15:Oq/GbVWCP9yq15
Score 1/10 -
-
-
Target
mfc80u.dll
-
Size
1.0MB
-
MD5
686b224b4987c22b153fbb545fee9657
-
SHA1
684ee9f018fbb0bbf6ffa590f3782ba49d5d096c
-
SHA256
a2ac851f35066c2f13a7452b7a9a3fee05bfb42907ae77a6b85b212a2227fc36
-
SHA512
44d65db91ceea351d2b6217eaa27358dbc2ed27c9a83d226b59aecb336a9252b60aec5ce5e646706a2af5631d5ee0f721231ec751e97e47bbbc32d5f40908875
-
SSDEEP
12288:wsaHmJ//R12t2PdMvWxMIQ1zoKyK0ivyHCJKjswl/KY6oQy3AmgVk2YDFpR7m81H:KHmJ+tKtxMIQNmCcjswl/KYh/2YFnb
Score 1/10 -
-
-
Target
monokini.iso
-
Size
517KB
-
MD5
c86de9583cb940fc0f859b6bd80774f4
-
SHA1
af33f62c2a9734a387638e6bf6e97dd7ad5e6732
-
SHA256
2c83d90551a91ad60ec36a525821c4f89f41af1ceae22719189307222a8ac824
-
SHA512
4cf971d0363a6aa62eb0cb43c9b4c3ad620ea97af26c81877d33182283c7cac5e4c5e6178869fefd46838121395261d2ceeea5e102b0db74f94bbbf846e09d42
-
SSDEEP
12288:7wrSHsJdzh9E5Uo4ZXZRJqVXBExXRk0U8mc+jpW:lHsJdzihWJrq0DUtLjpW
Score 3/10 -
-
-
Target
msvcr80.dll
-
Size
617KB
-
MD5
1169436ee42f860c7db37a4692b38f0e
-
SHA1
4ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3
-
SHA256
9382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46
-
SHA512
e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0
-
SSDEEP
12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo
Score 1/10 -