General

  • Target

    2024-07-24_d3b98483fe1797a813c90c50f4766a36_avoslocker

  • Size

    1.9MB

  • Sample

    240724-mn68dssamk

  • MD5

    d3b98483fe1797a813c90c50f4766a36

  • SHA1

    521a0ad51c31c16f51b281676ccb3f57ebac0689

  • SHA256

    874cad3dbf057959b2c1f8c037f56fadffda7c3f8d80362c964a060941a7613c

  • SHA512

    194c6b47ef97d18f91ac34fc993b737e3af833fae43c3148434004e4b6c8edfa0e62ecc685be627d2708c15b702f38a053b47cd22333d638c5aafda64bfdd339

  • SSDEEP

    49152:cBhZayP3pgXWFVeVpPsQgw5stv/JWu/ALmVk+j4UUbIwL/+NkVxT4BVZvutzlsjM:c1ZFVeVpUnO

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

MERCENARIOS-ORO

C2

proyectoxman1.casacam.net:8010

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is written in C# and is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
