Resubmissions

19/01/2024, 22:40

240119-2lvh5sfdg8 10

19/01/2024, 22:36

240119-2jepxafdd6 7

General

  • Target

    1 NOTIFICACION DEMANDA.REV

  • Size

    1.8MB

  • Sample

    240119-2lvh5sfdg8

  • MD5

    294c11b20ab53ed4b6e02bf2584d4fe4

  • SHA1

    5dea82ff0b8df8b923e8c03f2aca1d0a3877c367

  • SHA256

    717d495a0fa09889abeb7eb44f5395ee7cfc22a79ec6020d3452110c293f53c4

  • SHA512

    8605fcac90c0da7d79b1c63710b2657a118fe65231871356201825641e5f02d528df75145db2cf8b5724e83e4c8d561cea647710e0aad346aab84650e12ab225

  • SSDEEP

    49152:epkhEAZmF7pOAzaOD3molRe8iZPHmtNsj:JD0F9O4abolQZmto

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

ancy2024.kozow.com:1234

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      1 NOTIFICACION DEMANDA.REV

    • Size

      1.8MB

    • MD5

      294c11b20ab53ed4b6e02bf2584d4fe4

    • SHA1

      5dea82ff0b8df8b923e8c03f2aca1d0a3877c367

    • SHA256

      717d495a0fa09889abeb7eb44f5395ee7cfc22a79ec6020d3452110c293f53c4

    • SHA512

      8605fcac90c0da7d79b1c63710b2657a118fe65231871356201825641e5f02d528df75145db2cf8b5724e83e4c8d561cea647710e0aad346aab84650e12ab225

    • SSDEEP

      49152:epkhEAZmF7pOAzaOD3molRe8iZPHmtNsj:JD0F9O4abolQZmto

    Score
    10/10

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks