General

  • Target

    ALCALAPINTA2024DOCPDF03050001.UUE

  • Size

    630KB

  • Sample

    240312-2x153adc21

  • MD5

    d881f0de35ebf87aa3e1f1906bb80941

  • SHA1

    95376ad3fa1db8499d57281e73f21ab3b3d794eb

  • SHA256

    8594c6c25548b43de6f964b373a7b51311a08d2956df2f1371b09324c9500ba6

  • SHA512

    3da242f49860c6b45289ce4356ad783370497ca96bbc3c83586bcfcc90e82a71f9f2875d415ed85e008d313eb46b1b5382396bfbbbbc37096d909737e9378a25

  • SSDEEP

    12288:ZtY9ECk1EyiFhQGsCZTrVBh8qp6madD0V3wEEjGAhO+Q9aSy9:f0Idiv5HWqomSUAJjgaSW

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

TRIPLEAAA

C2

aobertoferndomip.con-ip.com:4041

Mutex

Cookies

Attributes

  • delay

    3

  • install

    false

  • install_file

    winu32.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ALCALAPINTA2024DOCPDF03050001.exe

    • Size

      923KB

    • MD5

      e075f42de7cf53e6e9fba534d7f0584e

    • SHA1

      94a71b9f70b2c56aa4a6251846956ce74586a9f8

    • SHA256

      80c4b5657c8f3dda5648415d86b839fd5b3074785124d325435cf002d5fa8e60

    • SHA512

      142d728e08082249eef646ae77b80d7e60fcdd652496dcaa3deacbc1ab45f018952348613374180cb7b820af3de4a0b6ae7958bff87cb79b3cc6dec2cc812307

    • SSDEEP

      24576:/gevJE3vbztaVeCIjDEe0D3zy6/BA/Tqz:/NE3vbztaeCeD8Dy6uqz

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks