Overview

overview

10

Static

static

1

ID00909070...F.html

windows10-2004-x64

10

ID00909070...F.html

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ID00909070698876REF.html

  • Size

    38KB

  • Sample

    240605-levybsbh5y

  • MD5

    ae20bf7dc971eaf3baff98970fce8cb2

  • SHA1

    1367deb42f51802b8f26aed6bb70c3693d11fe28

  • SHA256

    03a8ee56974fba344c0fa959ca3bca575406711b80ac8785bbc7527a0cc90987

  • SHA512

    4ab6ba5d3e7d5b787601afec0ead866d96215c5102e8c1feb4a041dafaa2ff98505b9b95e87bef59e49b2201dd6dddd3696ee7ced8ba268cf7793d54aa0c9a4b

  • SSDEEP

    768:agU+hrUErW80pis06X8opRTb10WBPEu/8jQ1mhsZeEmL142iWJ5er:agUcvWTiVMpRTbVkQ178Lre

Score
10/10
asyncrat((((_atendimento_))))rat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://detail-booking.com.br/new.pdf

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

((((_ATENDIMENTO_))))

C2

cdt2023.ddns.net:6606

cdt2023.ddns.net:7707

cdt2023.ddns.net:8808

cdt2023.ddns.net:3313

cdt2023.ddns.net:3314

cdt2023.ddns.net:9441

cdt2023.ddns.net:9442

cdt2023.ddns.net:9443

cdt2023.ddns.net:2900

cdt2023.ddns.net:1018

cdt2023.ddns.net:2019

cdt2023.ddns.net:2020

cdt2023.ddns.net:2021

cdt2023.ddns.net:5155

cdt2023.ddns.net:6666

cdt2023.ddns.net:9999

cdt2023.ddns.net:5505

chromedata.accesscam.org:6606

chromedata.accesscam.org:7707

chromedata.accesscam.org:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ID00909070698876REF.html

    • Size

      38KB

    • MD5

      ae20bf7dc971eaf3baff98970fce8cb2

    • SHA1

      1367deb42f51802b8f26aed6bb70c3693d11fe28

    • SHA256

      03a8ee56974fba344c0fa959ca3bca575406711b80ac8785bbc7527a0cc90987

    • SHA512

      4ab6ba5d3e7d5b787601afec0ead866d96215c5102e8c1feb4a041dafaa2ff98505b9b95e87bef59e49b2201dd6dddd3696ee7ced8ba268cf7793d54aa0c9a4b

    • SSDEEP

      768:agU+hrUErW80pis06X8opRTb10WBPEu/8jQ1mhsZeEmL142iWJ5er:agUcvWTiVMpRTbVkQ178Lre

    Score
    10/10
    asyncrat((((_atendimento_))))rat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks