General

  • Target

    07082024_0835_06082024_CITACION.tar

  • Size

    1.4MB

  • Sample

    240807-kg9zlayfjc

  • MD5

    04f354eff10f2eebf2a5bbaf9250c72a

  • SHA1

    3689e00d5ba11991050f9098ac7c92d7106290de

  • SHA256

    8c56c242f2e657020dc775d67bb5e7caf9110c247f8f295914419fa3d4d0ebea

  • SHA512

    49fe2ee83434c86fa265e17806894b0e5dcbcdcadfd6d8f3e21aca85ab812e8e39b3223ad6ef308f362ab4fe22a17d9b8f2c22c43a5be281ea081b3a0156c567

  • SSDEEP

    24576:0TjG/EwpNQymK++CN4b4La/Bggncnmgtq9RfgEYCw934+nv0KE10ZCi2:AjG/Ewt5b4G16QDDYCpKEM2

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

dxpam.duckdns.org:5999

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      audiencia de conciliación extrajudicial 4875851245896325478451245.exe

    • Size

      4.9MB

    • MD5

      6a4bbf3b5eabe3a212c36cf545d80253

    • SHA1

      272837f140e3043de858467c8f7c3492b8d32f0a

    • SHA256

      f092b7606233d1512530c5680b4e4ea17212f24024374bfd96061cd7260a0ffa

    • SHA512

      5150c6b6e1fc127fba794f7f5e0b6ea8d4cfd066e3d0811cd0ff1d8297952db550eb1e47ed0e8109afb172b4dfb573f1c5eec1769164ead98c6737386f5038de

    • SSDEEP

      49152:Kuz9nCckM8wwGbtBiRFWSGqCW4FL5wslsAEL1ksS2NHsF3TjZ1S058qpMfoLI:KuRCwrb64XwWsAwFaFXj8qMQLI

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
