General

Target: 1 NOTIFICACION DEMANDA.REV
Size: 1.8MB
Sample: 240119-2lvh5sfdg8
MD5: 294c11b20ab53ed4b6e02bf2584d4fe4
SHA1: 5dea82ff0b8df8b923e8c03f2aca1d0a3877c367
SHA256: 717d495a0fa09889abeb7eb44f5395ee7cfc22a79ec6020d3452110c293f53c4
SHA512: 8605fcac90c0da7d79b1c63710b2657a118fe65231871356201825641e5f02d528df75145db2cf8b5724e83e4c8d561cea647710e0aad346aab84650e12ab225
SSDEEP: 49152:epkhEAZmF7pOAzaOD3molRe8iZPHmtNsj:JD0F9O4abolQZmto
Static task: static1
Behavioral task: behavioral1
Sample: 1 NOTIFICACION DEMANDA.7z
Resource: win7-20231215-en
Malware Config

Extracted: asyncrat
| CRACKED BY https://t.me/xworm_v2
Default
ancy2024.kozow.com:1234
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: 1 NOTIFICACION DEMANDA.REV
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext