General

Target: CITACION DEMANDA.zip
Size: 1005KB
Sample: 240425-1tqz9aff76
MD5: 7367c722535cc10bfb1345558a7c445f
SHA1: 36c4ff893a628c3d4a7d12867c17a3f6b6f3cba6
SHA256: 8dc7fa88285ed5466962a8a6f04941dc23d3f5d11398bd33ecb80973189f1a98
SHA512: b39bcec1a3c9a38a42635df8299ffdb4130587f44a4d61924dd7b169c668f8df0edb417fc67712bd8db21c3a769933942b00f6e61ff942577a71ee05c0167c43
SSDEEP: 24576:Ig8DsRH9LWeZH4kLCFYEiiMovG0IoKDyGX:9HRnH/UYEnG0IoKRX
Static task: static1

Malware Config

Extracted: asyncrat
| CRACKED BY https://t.me/xworm_v2
POWERUP
powerup.dynuddns.net:6161
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: secure.exe
install_folder: %AppData%
Targets

Target: CITACION DEMANDA.zip
Size: 1005KB
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext