General
Target
23042024_2346_23042024_Cotizacion.rar
Size
945B
Sample
240423-s7wtnahf2x
MD5
16752c05002bc51c0d7c1680d0833747
SHA1
808458f61ba74261a91e898387d480be6b9a79df
SHA256
52cd5a999463dc02d41c652972641807a097a44af335b6929600efdff82e6482
SHA512
d079f9844213974d6914541427d52cae0970e36e1fdbbf537c39c71f099eb879e39db93a7a624ffb6f917713652654e5c50df1f1777d964f9ee094707a40e926
Static task
static1
Behavioral task
behavioral1
Sample
Cotizacion/Cotizacion.lnk
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Cotizacion/Cotizacion.lnk
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://www.tequilacofradiamx.com/asynakjbdfhbslnfvsbdfvsldbggfbgdf/akhfbvhakfbvgbqakfwbhrkbhrfbahsbrhkgfsg/gbdgbdfnkduyhythetyjtewhryjehryutujjrywhrtywrj/wgfhdyhye.exe
Extracted
asyncrat
0.5.7B
DefaultECS1
milojkbgzkjbnkjzgs.sytes.net:7707
milojkbgzkjbnkjzgs.sytes.net:8808
milojkbgzkjbnkjzgs.sytes.net:8764
fanejkbdfjgjzgfzjhzdod.sytes.net:7707
fanejkbdfjgjzgfzjhzdod.sytes.net:8808
fanejkbdfjgjzgfzjhzdod.sytes.net:8764
AsyncMutex_6SI8OkPnk
delay
650
install
true
install_file
ecs.exe
install_folder
%AppData%
Targets
Target
Cotizacion/Cotizacion.lnk.lnk
Size
2KB
MD5
505e2fb3a3f142707e0a6fdc98ae10a1
SHA1
ddbfbc9dc172d76783f468362bcf1ead9ff95d65
SHA256
aa2bb7d5e26d7dda898737e630e3091c34c0d78cc0ec9e63b6ab5e3b2d0aacfa
SHA512
c4aa7cafcf3c5f51a61c25be1c451963a5b2defb9300397fe8f835f1643b0bc1b1e78c07b6f0b64d3afecb7aa40b24ccd0c52f8d01d4d2efebe56c6e41c1e2f9
Score 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Sets service image path in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext