General

  • Target

    Noviembre Factura.exe

  • Size

    2.0MB

  • Sample

    240131-kv1m3sgga9

  • MD5

    6b2b82774ca1bc161170a2a803638387

  • SHA1

    90ed4f5d751c48ce094813b9971af6b42ccd83ad

  • SHA256

    40b2c8937a96f8c487a16197cbdd1394d12fba0141571f8b529f94c87f5e56c6

  • SHA512

    9e992b11011df9464b8a36ced23db41e565e9896c156d10cde2b6c375242c8daaf4f7a796424818c42cb08b39d152aa287a2a477c405a65db35449c1206cbb4d

  • SSDEEP

    49152:o3TAXbGranK0EOOY+2sduESYKgmSvReju+txoZAmAc:o3UXbGra+OodXNmSpeq0xUdA

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

172.94.32.33:6606

172.94.32.33:7707

172.94.32.33:8808

172.94.32.33:8881

Mutex

Aln2RDZhMnvc

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
