asyncrat

Resubmissions

30-05-2024 18:53

240530-xjnklagb6z 10

Sharing

Copy URL

Twitter E-mail

General

Target

03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO.REV
Size

6.7MB
Sample

240530-xjnklagb6z
MD5

e7f702dc462b1412f249ec88ef2fe805
SHA1

6f2bfea9cc30ce7b39d2a3c41f4964ed6271936b
SHA256

bd25554c274a03203a99a4bc55c6a8553edbcc7dbee5ec606eefbedd7f551e00
SHA512

e31375cc4c1e473c6a464df4ac03aa48f1699035d486cec8df6e363fc569724b8bfae792cf32aeb57b5f70d5cd95f8eae0ea162837b1d16d183c064b68e6a3d6
SSDEEP

98304:amQ3hjPu8RvZwCB9Y5h4LILfFBnk60LVqZAMpWB28gOsTW6bJo02GVAWgKeuYNbi:amaj2s5s5hlk60LMAMpSfkXbuG5ezBf6

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

enviofinal.kozow.com:5051

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Targets

- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO.REV
- Size
  
  6.7MB
- MD5
  
  e7f702dc462b1412f249ec88ef2fe805
- SHA1
  
  6f2bfea9cc30ce7b39d2a3c41f4964ed6271936b
- SHA256
  
  bd25554c274a03203a99a4bc55c6a8553edbcc7dbee5ec606eefbedd7f551e00
- SHA512
  
  e31375cc4c1e473c6a464df4ac03aa48f1699035d486cec8df6e363fc569724b8bfae792cf32aeb57b5f70d5cd95f8eae0ea162837b1d16d183c064b68e6a3d6
- SSDEEP
  
  98304:amQ3hjPu8RvZwCB9Y5h4LILfFBnk60LVqZAMpWB28gOsTW6bJo02GVAWgKeuYNbi:amaj2s5s5hlk60LMAMpSfkXbuG5ezBf6
Score

3^/10
behavioral1 behavioral2
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/01 PROCESO JUDICIAL JUZGADO.exe
- Size
  
  5.4MB
- MD5
  
  ad2735f096925010a53450cb4178c89e
- SHA1
  
  c6d65163c6315a642664f4eaec0fae9528549bfe
- SHA256
  
  4e775b5fafb4e6d89a4694f8694d2b8b540534bd4a52ff42f70095f1c929160e
- SHA512
  
  1868b22a7c5cba89545b06f010c09c5418b3d86039099d681eee9567c47208fdba3b89c6251cf03c964c58c805280d45ba9c3533125f6bd3e0bc067477e03ab9
- SSDEEP
  
  98304:o/zx+riUDpJowboU+XEsumY2XW6jBYeZ1ER:2x+riUDwUj12X1tY5
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/Qt5Core.dll
- Size
  
  6.0MB
- MD5
  
  41dc9ae1fd9ed3ac3a2b2b756b14a1e6
- SHA1
  
  ea9884197acaf277b47f59711edba22b100519fd
- SHA256
  
  97fe174f5d78a12e60b5528bb1b5cfaad33126c0e908f8d3d74ef054c850b5bc
- SHA512
  
  fb59a5502471a5eb4c94836eda73f6c8d6da1e5992ef98260dbaf571d09716f0241b0ab3c11bbff33813d66be7060a3dbe9cbed6af1cf43bbd96a2b19e147170
- SSDEEP
  
  98304:VE5jJSnL0VxTPnyEJsv6tWKFdu9Cs/CzYnxqfhgw:VE5NSn0x2EJsv6tWKFdu9CMkexqfhF
Score

1^/10
behavioral5 behavioral6
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/Qt5Network.dll
- Size
  
  1.3MB
- MD5
  
  c24c89879410889df656e3a961c59bcc
- SHA1
  
  25a9e4e545e86b0a5fe14ee0147746667892fabd
- SHA256
  
  739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e
- SHA512
  
  0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034
- SSDEEP
  
  24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E
Score

1^/10
behavioral7 behavioral8
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/Winrar/7z2301.exe
- Size
  
  1.2MB
- MD5
  
  1cfb215a6fb373ac33a38b1db320c178
- SHA1
  
  d5d00e6ea8b8e68ce7a704fd478dc950e543c25c
- SHA256
  
  9b6682255bed2e415bfa2ef75e7e0888158d1aaf79370defaa2e2a5f2b003a59
- SHA512
  
  462876f1f3ee932d3f0363fd65a4043ded53c82a148bbe7b8e939384f752f35d0761eebd71f407cadd0b66ce96f30dadb071e3bd2d12a257a8e0dad04a63532a
- SSDEEP
  
  24576:ifSpq8AF9zyUWnI2qSaNy3n6sHSgmOPXLyya7ctGDdvtl6bxj:ifTF3WIMWU6kSILyN7Bdr65
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10 behavioral9
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/anesthesiology.ini
- Size
  
  49KB
- MD5
  
  b9e87107d06e2254c00ad9df942f1230
- SHA1
  
  1ff65597013ba51451d566412706d602ae76e585
- SHA256
  
  3d6eea36d854f539c04204a473ef65b3c8a11958ddc8816b72312e711c7d6fd3
- SHA512
  
  9c55ce069130fd49ba16c626be5a4603f5efde9891ebf451298dff8425f690e5dcab4743374eb273b08b365d2a058e8bdf593d46a5830b814560d00b2348e54f
- SSDEEP
  
  1536:s+lNdZYhe694C0ZSElmDEJzIV6p/+TTQRMy3:TlnGe66CEleopWTED
Score

1^/10
behavioral11 behavioral12
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/badge.dat
- Size
  
  539KB
- MD5
  
  977e56c922bc10fd4f789e7079cc8218
- SHA1
  
  0dfbfdcbfc48399b523311d8972757e6e63b007b
- SHA256
  
  1e79b769678d25f64b2766a975bbf2dcf604d9bfe552852d33fbcc6914384f01
- SHA512
  
  7173b5eac426e469e2a2ddd0af4c6ba372fef45b4883a53df6f81f4ffe5facfdc75afb5bc0922fa7c32c894507a563e6fad0805959780745e9aa08b32f8cf802
- SSDEEP
  
  12288:Vqi41JddcOxEI49/A7q8rh+An+bEyKPGwioNMCUD:ehnti/Oqihdn+EziojW
Score

3^/10
behavioral13 behavioral14
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/libcrypto-1_1-x64.dll
- Size
  
  2.7MB
- MD5
  
  28dea3e780552eb5c53b3b9b1f556628
- SHA1
  
  55dccd5b30ce0363e8ebdfeb1cca38d1289748b8
- SHA256
  
  52415829d85c06df8724a3d3d00c98f12beabf5d6f3cbad919ec8000841a86e8
- SHA512
  
  19dfe5f71901e43ea34d257f693ae1a36433dbdbcd7c9440d9b0f9eea24de65c4a8fe332f7b88144e1a719a6ba791c2048b4dd3e5b1ed0fdd4c813603ad35112
- SSDEEP
  
  49152:KlOh5PuX2I9Rkf5gnQ7duzGuqFCtLQ2IqNPz38JQ41CPwDv3uFfJ:Q2Irkn2Iqt38C41CPwDv3uFfJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/libssl-1_1-x64.dll
- Size
  
  669KB
- MD5
  
  4ad03043a32e9a1ef64115fc1ace5787
- SHA1
  
  352e0e3a628c8626cff7eed348221e889f6a25c4
- SHA256
  
  a0e43cbc4a2d8d39f225abd91980001b7b2b5001e8b2b8292537ae39b17b85d1
- SHA512
  
  edfae3660a5f19a9deda0375efba7261d211a74f1d8b6bf1a8440fed4619c4b747aca8301d221fd91230e7af1dab73123707cc6eda90e53eb8b6b80872689ba6
- SSDEEP
  
  12288:PcPPRr7K55yAAKDNkk1+cFc+CmRkS9/+wDe1rlXiE4D9u3AG3UQjA5WU2lvz:2N43+cFcmYhXixo7708U2lvz
Score

1^/10
behavioral17 behavioral18
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/msvcp140.dll
- Size
  
  564KB
- MD5
  
  1ba6d1cf0508775096f9e121a24e5863
- SHA1
  
  df552810d779476610da3c8b956cc921ed6c91ae
- SHA256
  
  74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
- SHA512
  
  9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af
- SSDEEP
  
  12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
Score

1^/10
behavioral19 behavioral20
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/msvcp140_1.dll
- Size
  
  34KB
- MD5
  
  69d96e09a54fbc5cf92a0e084ab33856
- SHA1
  
  b4629d51b5c4d8d78ccb3370b40a850f735b8949
- SHA256
  
  a3a1199de32bbbc8318ec33e2e1ce556247d012851e4b367fe853a51e74ce4ee
- SHA512
  
  2087827137c473cdbec87789361ed34fad88c9fe80ef86b54e72aea891d91af50b17b7a603f9ae2060b3089ce9966fad6d7fbe22dee980c07ed491a75503f2cf
- SSDEEP
  
  384:z1vZLMtUYqOoKFYpWcm5gW/ki0pSt+eB+Hj+R9zUkUTRtHRN7SoHR9zui5TJ:zpCtzqOjKYWi0QKHji9zSRtnx9zJTJ
Score

1^/10
behavioral21 behavioral22
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/steam_api64.dll
- Size
  
  291KB
- MD5
  
  6b4ab6e60364c55f18a56a39021b74a6
- SHA1
  
  39cac2889d8ca497ee0d8434fc9f6966f18fa336
- SHA256
  
  1db3fd414039d3e5815a5721925dd2e0a3a9f2549603c6cab7c49b84966a1af3
- SHA512
  
  c08de8c6e331d13dfe868ab340e41552fc49123a9f782a5a63b95795d5d979e68b5a6ab171153978679c0791dc3e3809c883471a05864041ce60b240ccdd4c21
- SSDEEP
  
  3072:504VEQ2u/niy9UVLCe9ZqdrP+VXvv+sJYB2RHKBi65lhTbCc+hnvvEyP7yq+uei1:QZu/i874ZcrMv2cRh7yqO2CPLHxYq8/B
Score

1^/10
behavioral23 behavioral24
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/vcruntime140.dll
- Size
  
  106KB
- MD5
  
  49c96cecda5c6c660a107d378fdfc3d4
- SHA1
  
  00149b7a66723e3f0310f139489fe172f818ca8e
- SHA256
  
  69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
- SHA512
  
  e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d
- SSDEEP
  
  1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
Score

1^/10
behavioral25 behavioral26
- Target
  
  03- PROCESO JUDICIAL JUZGADO CIVIL 02 DEL CIRCUITO/vcruntime140_1.dll
- Size
  
  48KB
- MD5
  
  cf0a1c4776ffe23ada5e570fc36e39fe
- SHA1
  
  2050fadecc11550ad9bde0b542bcf87e19d37f1a
- SHA256
  
  6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47
- SHA512
  
  d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168
- SSDEEP
  
  768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28