General
-
Target
Documento_Legal_Procesado_N#456789098765.tar
-
Size
1.4MB
-
Sample
240605-ye3dmagf42
-
MD5
c3d9a18cadb8576fe18635d34f677174
-
SHA1
36e49b80747a05f3aca1de6a23a1f20d7f16f438
-
SHA256
2bb33982a96914e407b4fc2a6775869a03dc014b1fd73c135e70ec892d9f9920
-
SHA512
54d75de9d83f658fc2ac2267d4d4c5c3852aa353e08422e1fafdf3c0113c39b24cff5d770459d4a7334713e2228c102499dc9045298cef2cc57a5b4f3432f01f
-
SSDEEP
24576:cv62l1GJMs8KpdvuhdzT9Qzmc6/gSLEpI8L31N0n6zRmXe8V/wP:/UIOsDpdvqdzTdcvSQa8T1N06zRkwP
Malware Config
Extracted
asyncrat
1.0.7
05Junio
diosayudamesenor.dynuddns.net:22207
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Documento_Legal_Procesado_N#456789098765.tar
-
Size
1.4MB
-
MD5
c3d9a18cadb8576fe18635d34f677174
-
SHA1
36e49b80747a05f3aca1de6a23a1f20d7f16f438
-
SHA256
2bb33982a96914e407b4fc2a6775869a03dc014b1fd73c135e70ec892d9f9920
-
SHA512
54d75de9d83f658fc2ac2267d4d4c5c3852aa353e08422e1fafdf3c0113c39b24cff5d770459d4a7334713e2228c102499dc9045298cef2cc57a5b4f3432f01f
-
SSDEEP
24576:cv62l1GJMs8KpdvuhdzT9Qzmc6/gSLEpI8L31N0n6zRmXe8V/wP:/UIOsDpdvqdzTdcvSQa8T1N06zRkwP
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
Documento_Legal_Procesado_N#456789098765..exe
-
Size
15.0MB
-
MD5
c330c57eefd57b2ee73284b107322a0e
-
SHA1
1d0e26f2e5c7849a68a11bdce1aad02c01f81c1c
-
SHA256
520cbb6a6e4072968c9e1d0246abb1631927bd9696387326c3188c6ce420cfc7
-
SHA512
7651abde25704e9cc9f3b6065c742af90eeb2068cc3935bfc42178759af29422e6e51e4690ea007eed4af7f6cf2c51e20e1673ef8c63e96bc84418567188095a
-
SSDEEP
49152:t8TSsDGJtHWhHB+IzxGiTN4H4s0BreuCtsFZ/z6jtzXZIXb6R3FNuojgMdEIbNVU:KTSsDGJMYIzIWL4uCa+y+g3eQl9
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-