asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO.zip
Size

5.5MB
Sample

240723-vv65zatdke
MD5

cf7dc1a262de5723db3cb163bd3d8074
SHA1

0822ab83c57e4f005ba63099245cbb321f3aa1b8
SHA256

793c1207412cf6dcc05a36669d440f8758007473494c87255a6ad36b47656894
SHA512

77ca5ef5ba86ce8f1a7c2fd5421198c05bcae685caa6ee97d2cff9c17cfa389c7633c7a418f44755467869c73ad1a338853a824cc74ab5f99ecf52c3884fa1db
SSDEEP

98304:q6PLLXrGzp96y+SSeluWL+jmMQTFsamaLo4dsCQHozGNDSns9u3IHu4kStH2rBGK:VnXrGv6y+SAWs46cU4qczGNGsgIHpkZJ

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

bleesd.kozow.com:6969

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO.zip
- Size
  
  5.5MB
- MD5
  
  cf7dc1a262de5723db3cb163bd3d8074
- SHA1
  
  0822ab83c57e4f005ba63099245cbb321f3aa1b8
- SHA256
  
  793c1207412cf6dcc05a36669d440f8758007473494c87255a6ad36b47656894
- SHA512
  
  77ca5ef5ba86ce8f1a7c2fd5421198c05bcae685caa6ee97d2cff9c17cfa389c7633c7a418f44755467869c73ad1a338853a824cc74ab5f99ecf52c3884fa1db
- SSDEEP
  
  98304:q6PLLXrGzp96y+SSeluWL+jmMQTFsamaLo4dsCQHozGNDSns9u3IHu4kStH2rBGK:VnXrGv6y+SAWs46cU4qczGNGsgIHpkZJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/02 CITACION DEMANDA.exe
- Size
  
  2.3MB
- MD5
  
  5d52ef45b6e5bf144307a84c2af1581b
- SHA1
  
  414a899ec327d4a9daa53983544245b209f25142
- SHA256
  
  26a24d3b0206c6808615c7049859c2fe62c4dcd87e7858be40ae8112b0482616
- SHA512
  
  458f47c1e4ccf41edaacc57abb663ee77ca098fffc596fad941bbdea67653aeabc79b34d607078b9ee5adb45614e26f5c28a09e8faf9532081fdd5dec9ac3c48
- SSDEEP
  
  49152:DzO+g39FbI0eQf/Z3CarWedoYAmXviDTMtT2wkqN5K:DzO19Fnf/hdoYAm9ZkqN5K
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/OperaSetup.exe
- Size
  
  2.6MB
- MD5
  
  71b3c6bb3ca386072e173a17cf720cf3
- SHA1
  
  586a107da171e32770164b4f9c627a04665df140
- SHA256
  
  8f4605e8841a45137cfebc68b149ed7bef4fb6cc0ca53e6ecdf7a5eb56d04b4b
- SHA512
  
  f927d19593680519347d74958dfb6d798fd1c25c215236840b823e4a68a1a63102771b3290d73fb6264a7893590b60220644ca2e90b76afad700b169057bef75
- SSDEEP
  
  49152:iJ33Y9YCBrwHs92lWrB1/8dVxLorTMQh4V+bntpC4qh11pmoV8h3k1S1IMhbhgJJ:e0YuMM4oFeorZ4KM4I1pmw8h3kcyEbhC
Score

8^/10

discovery upx spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  out.upx
- Size
  
  4.8MB
- MD5
  
  4249fb6e3fdefc6171d0f089bfcebd0b
- SHA1
  
  e6f2a09074e3b29beb352bfdbebcd5556f62357f
- SHA256
  
  e1e655cfa726313ae1a9c3d3356b05c458806f17ad3081b493917e2bd865faae
- SHA512
  
  58e53f41e367fbea14484641b0632ec6e0c7fdd221890ca741c1bc5c975f27ea9b9eb8d68fca6b1600709709dc9394a56c464be58e51994e162ef21c32da1362
- SSDEEP
  
  98304:Vntlm6666666666666666666666666666666x666666666666666fwwwwwwwwwwb:W4Xx0djW+UyQ6rjnHqtJRn7ZrHzq8QVm
Score

1^/10
behavioral7 behavioral8
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/aigret.eps
- Size
  
  648KB
- MD5
  
  3951607ae74fff3e3b06e4d87882f55e
- SHA1
  
  24ef32f3db8fa99117a1bae23f29b81fe5ee33e6
- SHA256
  
  ca63776696ef24d6c0ab13d102c014fd702a5c60f39b6b44f2cd6bac04f72093
- SHA512
  
  c77b245db5e5c274f0ff9234f1487529957ad05b2a8eb13eed4e7e6acce9384d9f71b3d92866a08013f6600899e70061ef20aedbb4c99e34b496df2a973b05a3
- SSDEEP
  
  12288:dQhb+Lq+eivf4spCU5ibKumY5V2tg+RJfyEmbEs4aGTUv6orTIsY/dH:7eFivfj/5ibKulV2CA5UExOLIvVH
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/barrette.accdb
- Size
  
  17KB
- MD5
  
  3de728173727b206fe14724ba05a28c2
- SHA1
  
  407ca05387c9fc1ac22cd409df1f0899d49a7cde
- SHA256
  
  f923b85549cf4d2f87c11f4cdeb5abb408974aea8235aa68acc849736ebdde28
- SHA512
  
  33b6e43f6bdaf31b7387ffa683e9581afb4d9b170767e6c6a51180608568db9675fb16643ff462dfd53c6ca76789902553d9bb6e834734fbd8ce4f8726b76206
- SSDEEP
  
  384:moEH9+fB4OMKekS2JF9v3nd9wS+MdogIKR9ZEvUGDcMdMzGjVP:DEH9KfMKQWzv3dJPogIKR9iUWc/ajVP
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/madbasic_.bpl
- Size
  
  210KB
- MD5
  
  e03a0056e75d3a5707ba199bc2ea701f
- SHA1
  
  bf40ab316e65eb17a58e70a3f0ca8426f44f5bef
- SHA256
  
  7826395127e791a883359ea81308174700da0af8052cc9853b19fd29c2e4badb
- SHA512
  
  b0a3cfb6b34832f048fe0fc70c6fa76ae16a2cacda930f6529a83a967d6e8de1c69b93e0de3dc2126c5385d85e814687e695a0a4131399a69633141cad98da2a
- SSDEEP
  
  6144:6N/kSQxE6qeM/k4qTl5L5e5+53WCG1CbF/FrfGx:JqeM/k4qR5L5e5+53WulZGx
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/maddisAsm_.bpl
- Size
  
  63KB
- MD5
  
  ef3b47b2ea3884914c13c778ff29eb5b
- SHA1
  
  dc2b1fa7c7547d8f1ad3f20f9060f7bc686118e0
- SHA256
  
  475f7cdffd8ed4d6f52bd98ae2bb684f1c923a1be2a692757a9af788a39b1d87
- SHA512
  
  9648d951d8d3640436c8029fd0f06786f7ff8f52191cd6959569c87868bb6c40ac8c7e495c09377a8a5c85e8d3942551c37eb84e916b5c16327d8d43a167820e
- SSDEEP
  
  1536:eNy3eqMne0sXB0IWtCLwEJhY0w1K7fixStj7wyis:CqMnfIB04LwEJhY0w1K7zzj
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/madexcept_.bpl
- Size
  
  436KB
- MD5
  
  98e59596edd9b888d906c5409e515803
- SHA1
  
  b79d73967a2df21d00740bc77ccebda061b44ab6
- SHA256
  
  a6ca13af74a64e4ab5ebb2d12b757cecf1a683cb9cd0ae7906db1b4b2c8a90c0
- SHA512
  
  ba617227849d2eb3285395e2d1babfe01902be143144be895011f0389f1860d0d7f08c6bbc4d461384eba270f866cce3351f52af1dc9ef9719c677619de79e42
- SSDEEP
  
  6144:1lAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2g:1lG4ut30F8slzYlQcW/jd++2nJ6u2g
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/rtl120.bpl
- Size
  
  1.1MB
- MD5
  
  1681f93e11a7ed23612a55bcef7f1023
- SHA1
  
  9b378bbdb287ebd7596944bce36b6156caa9ff7d
- SHA256
  
  7ed5369fcf0283ea18974c43dbff80e6006b155b76da7c72fa9619eb03f54cef
- SHA512
  
  726e8f58648a6abaf1f2d5bebcf28c1d8320551a3b6e7eef0cf8d99f9ef941e30e7004c24c98e9b5e931a86128d26de7decba202390665a005e972dcbe87ab93
- SSDEEP
  
  24576:3bhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gboN:Q2hTKgboN
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/vcl120.bpl
- Size
  
  1.9MB
- MD5
  
  1384dcc24a52cf63786848c0ed4a4d1b
- SHA1
  
  ea63180c94ea2d0417ad1860128980dd18c922ef
- SHA256
  
  d19f51871484cc4a737196bdb048193ad73f7f6bd061ec813766516eba26e406
- SHA512
  
  d405911672e3ea7abcbc898d7b807b9bc1dcbf4f83663d70bd8adab075960cf3d904b2710adbdafbcbb99ba4a41b9a40c64b7171e845255a91a042871b1ce8a3
- SSDEEP
  
  24576:74gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RP6S9YMPY5yz6I:7vSf0Ww+NpPSyzYY8I8YMPY4+I
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  02-CITACION DEMANADA-JUZGADO 01 PROMISCUO DEL CIRCUITO/vclx120.bpl
- Size
  
  222KB
- MD5
  
  3cb8f7606940c9b51c45ebaeb84af728
- SHA1
  
  7f33a8b5f8f7210bd93b330c5e27a1e70b22f57b
- SHA256
  
  2feec33d1e3f3d69c717f4528b8f7f5c030caae6fb37c2100cb0b5341367d053
- SHA512
  
  7559cdf6c8dbea052242f3b8129979f7d2d283f84040f1d68ae10438548072715a56a5af88b8562aeea7143194e7c5bddac3fdb01ded411a0b1cac9f0c6eef3f
- SSDEEP
  
  3072:K4af8kXL6nX0YXjvkWQ5vYhbNkWPFOEJ8YZbjeTl0Y25zFgYBzRKy6sB65avEtAA:baf8kLWL7Xov8bNxdOmrfgYmHA6h
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24