General

  • Target

    DOCRAD0404INFOPDF2024RAD001-1.rar

  • Size

    2.2MB

  • Sample

    240404-13rm5sbd6z

  • MD5

    d262b8731d5ca9a5761d2b00e8d9011f

  • SHA1

    d6d7d4f7c2623be8053bba0cb96cf2b5bea03a15

  • SHA256

    f510efc6561aad00a30b24509f39f2ea7dce23d4a17059b0786f646926eefb92

  • SHA512

    bd261c06c587811e1a47a6d77e1593a5cd4044053992048b44db77bbd921a4b949b95dcb232f921250efea4cfafb534913db3e5e930af5db63b21969bf067939

  • SSDEEP

    49152:U2P1FwijEzOOZJfmmZKQQa9rNlh8l53SXatOaPR:U2dCz/bYzaVNPS5CyOu

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

MASTER01

C2

armadnocaballerodominio.con-ip.com:4041

Mutex

Cookies

Attributes

  • delay

    3

  • install

    false

  • install_file

    winu32.exe

  • install_folder

    %AppData%

aes.plain
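The fields above (C2 host and port, botnet/group, mutex, install settings) are not stored in the AsyncRAT client as cleartext: each setting is a base64 blob laid out as HMAC-SHA256(iv || ciphertext) || iv || AES-256-CBC ciphertext, with the AES key (32 bytes) and HMAC key (64 bytes) derived by PBKDF2-HMAC-SHA1 (50000 iterations, hard-coded salt) from the base64-decoded "Key" setting, which is what "aes.plain" in the report refers to. The program below is an added example, not part of the original report or of the AsyncRAT code, and uses only the Go standard library. The layout, salt and derivation parameters are taken from the open-source AsyncRAT client; the master key string and the blobs fed to the decoder are constructed here (the report leaves aes.plain empty, so this is not the sample's key), and the plaintext values are the ones extracted above.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"hash"
)

// Salt hard-coded in the open-source AsyncRAT client (Client/Algorithm/Aes256.cs).
var asyncRatSalt = []byte{
	0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24, 0x30, 0xA5, 0x78, 0x43,
	0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
}

const (
	pbkdfIterations = 50000 // Rfc2898DeriveBytes(masterKey, Salt, 50000), default PRF HMAC-SHA1
	aesKeyLen       = 32    // first 32 derived bytes: AES-256 key
	hmacKeyLen      = 64    // next 64 derived bytes: HMAC-SHA256 key
	ivLen           = 16
	macLen          = 32
)

// pbkdf2 is a minimal PBKDF2 (RFC 8018) so that the block needs only the standard library.
func pbkdf2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
	prf := hmac.New(h, password)
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)              // U1
		t := append([]byte(nil), u...) // T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// Keys mirrors the client: one PBKDF2 stream, 32 bytes for AES then 64 bytes for HMAC.
type Keys struct{ aesKey, hmacKey []byte }

// DeriveKeys takes the master key as the client sees it (the base64-decoded "Key" setting).
func DeriveKeys(masterKey string) Keys {
	dk := pbkdf2([]byte(masterKey), asyncRatSalt, pbkdfIterations, aesKeyLen+hmacKeyLen, sha1.New)
	return Keys{aesKey: dk[:aesKeyLen], hmacKey: dk[aesKeyLen:]}
}

// Decrypt parses base64( HMAC-SHA256(iv||ct) || iv || ct ) and returns the plaintext setting.
// The HMAC is checked first, so a wrong key or a tampered blob is rejected before decryption.
func Decrypt(k Keys, b64 string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	if len(raw) < macLen+ivLen+aes.BlockSize || (len(raw)-macLen-ivLen)%aes.BlockSize != 0 {
		return "", errors.New("blob too short or not block-aligned")
	}
	mac := hmac.New(sha256.New, k.hmacKey)
	mac.Write(raw[macLen:])
	if !hmac.Equal(mac.Sum(nil), raw[:macLen]) {
		return "", errors.New("HMAC mismatch: wrong key or tampered blob")
	}
	block, err := aes.NewCipher(k.aesKey)
	if err != nil {
		return "", err
	}
	iv, ct := raw[macLen:macLen+ivLen], raw[macLen+ivLen:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	// Strip PKCS#7 padding (the .NET default the client relies on).
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "", errors.New("bad PKCS#7 padding")
	}
	return string(pt[:len(pt)-pad]), nil
}

// Encrypt builds a blob in the same layout; used here only to construct sample input.
func Encrypt(k Keys, plaintext string) (string, error) {
	block, err := aes.NewCipher(k.aesKey)
	if err != nil {
		return "", err
	}
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append([]byte(plaintext), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	mac := hmac.New(sha256.New, k.hmacKey)
	mac.Write(iv)
	mac.Write(ct)
	return base64.StdEncoding.EncodeToString(append(append(mac.Sum(nil), iv...), ct...)), nil
}

func main() {
	// Constructed master key: the report leaves aes.plain empty, so this is not the sample's key.
	k := DeriveKeys("Constructed-Example-Key-Not-From-Sample")
	for _, v := range []string{"armadnocaballerodominio.con-ip.com", "4041", "MASTER01", "Cookies"} {
		blob, _ := Encrypt(k, v)
		pt, err := Decrypt(k, blob)
		fmt.Printf("%-36s -> %q err=%v\n", v, pt, err)
	}
}
```

In a real extraction the base64 strings come from the .NET resource or static-field initializers of the unpacked client, and the master key is the one the report labels aes.plain; with the right key the HMAC check passes and the C2, port, group and mutex fall out as shown above, while a wrong key fails at the HMAC step rather than producing garbage.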

Targets

    • Target

      DOCRAD0404INFOPDF2024RAD001.exe

    • Size

      2.3MB

    • MD5

      7a3e38c1d1aa89b1ba410ea0b4fed94b

    • SHA1

      e76e606997a59ef8e0c5a09f61d8dc698683fbbd

    • SHA256

      b219c4089fa80f02dd5ba6b280c0a3794af9cacf7460d090f23a56fb100d558c

    • SHA512

      8a50c9885ff5910062fd5e2669f236364eca17256354fe843ec845e346c58dedba9dbccfd6dd58d2b5641302fff1fca67c689e2e1a2de9fd7ac21cf146150a48

    • SSDEEP

      49152:/iOLTDTfqd1EPVXhbY7OIRF19/z3KH9a2ewNT0IciZYp:9LTnfqIphbY6EFP/z3oa2PNT0Ici6p

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks