General

  • Target

    2 NOTIFICACION DEMANDA.REV

  • Size

    1.8MB

  • Sample

    240119-yqv4padcg2

  • MD5

    ece8cdce64dc0dff3a2730a837a14871

  • SHA1

    540eb19418a28a89b7a9846be39a741dcb68e1f9

  • SHA256

    4e9d504336eb698313bad13e4b84bf77c942b205d6d26ebc7fe09f5cbc6f3581

  • SHA512

    cd15374cf80c5e561574951f156aaaf3d99278807f7da44a9f3b10e5263a54eae3a196993fb850b7fba9f1407ef71da4a74b8780dcaac9c7e04da4d45597b9c6

  • SSDEEP

    49152:UMhwHl1Xj7/52DKrljOrhOSkqQSyNl4QvmFYJFJL/ZojtFcKgj:HaHlpj7uKIrbwCYN/Z2cRj

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

bollon8.kozow.com:6969

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2 NOTIFICACION DEMANDA.REV

    • Size

      1.8MB

    • MD5

      ece8cdce64dc0dff3a2730a837a14871

    • SHA1

      540eb19418a28a89b7a9846be39a741dcb68e1f9

    • SHA256

      4e9d504336eb698313bad13e4b84bf77c942b205d6d26ebc7fe09f5cbc6f3581

    • SHA512

      cd15374cf80c5e561574951f156aaaf3d99278807f7da44a9f3b10e5263a54eae3a196993fb850b7fba9f1407ef71da4a74b8780dcaac9c7e04da4d45597b9c6

    • SSDEEP

      49152:UMhwHl1Xj7/52DKrljOrhOSkqQSyNl4QvmFYJFJL/ZojtFcKgj:HaHlpj7uKIrbwCYN/Z2cRj

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      2 NOTIFICACION DEMANDA/2 NOTIFICACION DEMANDA ...exe

    • Size

      135KB

    • MD5

      a2d70fbab5181a509369d96b682fc641

    • SHA1

      22afcdc180400c4d2b9e5a6db2b8a26bff54dd38

    • SHA256

      8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473

    • SHA512

      219c6e7e88004fad9f4392be9a852c58fc43b7f6900e40370991427f37eaea5c18f48d2954f9479dde8bcb787345f4e292d5620add8224aec4d93d7968820b83

    • SSDEEP

      1536:URLRDTAC1CMoR1CqabJWt7AQFYMGhw1ScCD28v2Vv428fmvxOuw03h9VC:URdV1CMoiqadTQFBGhw1ED28+94hGw

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Suspicious use of SetThreadContext

    • Target

      2 NOTIFICACION DEMANDA/Register.dll

    • Size

      1.0MB

    • MD5

      dd001e7a2f751f6c9e8c40e23307d102

    • SHA1

      22fdeab3d891334e2e27d970b3a5680d45cb3371

    • SHA256

      e2b66236119bfea1571f423a721b1c4495b2363a0af83b8ec2ea728b4fdd7d7a

    • SHA512

      ee9591e952028aab264ed6fa51369bb5c8d7aee4eaf735fd2f78b4559e2d07791d4d9777478d93be9de8952fa70105d9c431a48d380eebe637138fa188d7aae7

    • SSDEEP

      24576:a0RdvjwJ4ZCWQufs54Quz27j7BS2Nv+4BT8+uCI:bDhTzAj7pXT3S

    • Score

      1/10

    • Target

      2 NOTIFICACION DEMANDA/breakage.ogg

    • Size

      91KB

    • MD5

      25ceb30a246b5e35393c3014a8458610

    • SHA1

      30d174a20e735cd86458be23017a5e09ce46e85d

    • SHA256

      23df8661729e5cd150bc5821f3a3d57d918332c4e34cca70eec6495fcb5582d1

    • SHA512

      fe80bd336b87818c0e4091ad5d8c0c2a3ec167840072ead2c7533b20318360bc85b71d5b943973fb11018889e06c51042e0ecf7fe903f08487597e93970338ba

    • SSDEEP

      1536:OUXBvEmQP+ps/USDEW6JA47CgxQqQraU54mR1DQ+XXJGswHw:VvEmQP+pBCElK47CM5Y954h+JGswHw

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      2 NOTIFICACION DEMANDA/fascinator.psd

    • Size

      633KB

    • MD5

      82d2c77994c7cef5421400b19864b0ea

    • SHA1

      56bef4cbe02af14bad3839874085f0fbc15bb2b5

    • SHA256

      f326b66018701486dec5ef90d28524ba6112127940ed681e0663b541e7784d50

    • SHA512

      5566ba4b1bae56f0c6c55e3ca549c8f5e03099fec392470bc4ab363391117ec10aa154fb61a372985c0b1df503473f558fd0f70335aeecc101caf9232a4008c6

    • SSDEEP

      12288:lP8QxX0beTecxbEUtMCCwfRtNh8HT1IXD32ljkdmwWjfH3a07IY/LYUe:PiCj5tNh8z1IYjkdmVfqrY/M

    • Score

      3/10

    • Target

      2 NOTIFICACION DEMANDA/rtl120.bpl

    • Size

      1.1MB

    • MD5

      adf82ed333fb5567f8097c7235b0e17f

    • SHA1

      e6ccaf016fc45edcdadeb40da64c207ddb33859f

    • SHA256

      d6dd7a4f46f2cfde9c4eb9463b79d5ff90fc690da14672ba1da39708ee1b9b50

    • SHA512

      2253c7b51317a3b5734025b6c7639105dbc81c340703718d679a00c13d40dd74ccaba1f6d04b21ee440f19e82ba680aa4b2a6a75c618aed91bd85a132be9fc92

    • SSDEEP

      24576:GbhVoNWbA1m6z1hGaMopv3RdaK6IPFf0DtDN9Tox0gc:vtQZPTtgc

    • Score

      1/10

    • Target

      2 NOTIFICACION DEMANDA/vcl120.bpl

    • Size

      1.9MB

    • MD5

      c594d746ff6c99d140b5e8da97f12fd4

    • SHA1

      f21742707c5f3fee776f98641f36bd755e24a7b0

    • SHA256

      572edb7d630e9b03f93bd15135d2ca360176c1232051293663ec5b75c2428aec

    • SHA512

      33b9902b2cf1154d850779cd012c0285882e158b9d1422c54ea9400ca348686773b6bacb760171060d1a0e620f8ff4a26ecd889dea3c454e8fc5fa59b173832b

    • SSDEEP

      24576:j2gekcIlYas4GaAKBTZTkZbJ7YBRSjr2WLPcgjzTGlyz6F:jRvzfZT3XSmqcOTGc+F

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks