General

  • Target

    Acta; Proceso Informativo; Nro-08800411515052211-74 Acta Detellado #0079327788667772-2.exe

  • Size

    5.4MB

  • Sample

    240404-teqmlsce96

  • MD5

    e845e389a77d91d7cee1f9083c217576

  • SHA1

    32012607cd749f4360260862e1c52772d144100e

  • SHA256

    dcf90d69b4a83839e6b741986745c373a2c386a1a5518cab19133fda1f7f6e16

  • SHA512

    e2cb38b53e9c37aefeab7b74b6f8327d9302c3ac43d359a532536606204a01832d678f564cb3ed69f8b028e1129bef11bcb266c787e8004cb07ea3be47961e74

  • SSDEEP

    98304:PuOH/DmnPC7YCJ4jsdd1grzHcp8214+5OeyRE3:PuOH/an67JJ4jYdiz7C3

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

NEW ENVIO -04

C2

preferenciales12.duckdns.org:7090

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Acta; Proceso Informativo; Nro-08800411515052211-74 Acta Detellado #0079327788667772-2.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks