General

  • Target

    2024-07-24_21bf3c8f22597853b3b74da6a5063a68_avoslocker

  • Size

    10.0MB

  • Sample

    240724-1j833s1gqg

  • MD5

    21bf3c8f22597853b3b74da6a5063a68

  • SHA1

    df0f9cd633197d9f6b5ce24e19d1f558f802d94f

  • SHA256

    59ac6b70725a97f04ae106fa7f24c238bbfeacf34e87af40be8ed91a8bcd5d3a

  • SHA512

    a327ee1325a190552cd2b92129337db5bc8d5d6e8d7c8079a532e33829eb71a953dad0e3eb0a39c4fc5d31a3596971bbeab1aa857fc23b39eb1d7043a3bd55dd

  • SSDEEP

    49152:cBhZayP3pgXWFVeVpPsQgw5stv/JWu/ALmVk+j4UUbIwL/+NkVxT4BVZvutzlsjv:c1ZFVeVpUn

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

MERCENARIOS-ORO

C2

proyectoxman1.casacam.net:8010

Mutex

DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks