asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

1+NOTIFICACIONES+DEMANDA+JUDICIAL+-JUZGADO+02+PROMISCUO.+RAMA+JUDICIAL+1+.zip
Size

2.5MB
Sample

240816-yba5zasfqg
MD5

13a1682b8e1cd48ae17a60012d98276e
SHA1

a6ee9601650053d8658bb4fe7ba04a72df50989a
SHA256

a2d2a870dcf08025d14231bce28ceea696fa3c2889fd36e8809f847edceb86a8
SHA512

72c47ba683784db7a770429b4145f542e73a59932f111cd013107a97b2469a926e1856b373372dc71491051d1a28021397bd2ee991d58ba9e25706206352a685
SSDEEP

49152:a9XZxDqqvwgZQikd48hhRu6HldPHHHJyWhhxgoLCNm0:oqqVQb5himldvJ9h4oWr

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

melo2024.kozow.com:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Targets

- Target
  
  NOTIFICACIONES DEMANDA JUDICIAL -JUZGADO 02 PROMISCUO. RAMA JUDICIAL/01-NOTIFICACION DEMANDA.exe
- Size
  
  2.2MB
- MD5
  
  d9530ecee42acccfd3871672a511bc9e
- SHA1
  
  89b4d2406f1294bd699ef231a4def5f495f12778
- SHA256
  
  81e04f9a131534acc0e9de08718c062d3d74c80c7f168ec7e699cd4b2bd0f280
- SHA512
  
  d5f048ea995affdf9893ec4c5ac5eb188b6714f5b6712e0b5a316702033421b145b8ee6a62d303eb4576bf8f57273ff35c5d675807563a31157136f79d8a9980
- SSDEEP
  
  49152:rHOut2Bf0ajIM8XEEN6N0rE/I/vqn7krQEQusd5F:VbaMbXbE/I/SnwrQEQusd/
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  NOTIFICACIONES DEMANDA JUDICIAL -JUZGADO 02 PROMISCUO. RAMA JUDICIAL/bikini.pptx
- Size
  
  70KB
- MD5
  
  24fec7f3f13b3a944e02878b284cdd2f
- SHA1
  
  7e5d135c16e8d7558e18b778224fc55c3ac35d26
- SHA256
  
  64ce8379e4d91d2ba599e7b643399c67f6d256c8513feb97dc24c404ef752ea7
- SHA512
  
  7594696fb51916ee30855cc513f028bc491c62d63a524f43a2de89d661ca7fab58ae2cff6208aa50f8a4b8998dc89e8c512109a43cf9aca629a8a79ab257b080
- SSDEEP
  
  1536:WghD5gv2J3lzVYA3TmtFZ5LyGXqV1hJEHaBNskwdd7Uh8:WgQvIyPtF72zvhak0dd7
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  NOTIFICACIONES DEMANDA JUDICIAL -JUZGADO 02 PROMISCUO. RAMA JUDICIAL/d3dx9_43.dll
- Size
  
  1.9MB
- MD5
  
  4e83bd565288ac5cb4589013c344b11e
- SHA1
  
  f80fe88f16e3561e0d2b14b1b6a45025e8a429df
- SHA256
  
  e4ec839c88be62251023c1781999bbc7dd6061965a3ed4db174dfc6c3991e520
- SHA512
  
  38f081b41f035b5a40d2885d58aec72623b4262f0b32204d527b7911f077fe670945895fa7a9041657700c3535a0c2e9abe9e77994dba1bd5f13773ac82c52cc
- SSDEEP
  
  24576:uaUU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBY:uQ66l2u45BiNYFrz31Cv3D29kd6k71
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  NOTIFICACIONES DEMANDA JUDICIAL -JUZGADO 02 PROMISCUO. RAMA JUDICIAL/davit.xlsx
- Size
  
  649KB
- MD5
  
  4a92225753b7c8b2c642b78e0cb63a37
- SHA1
  
  122934746f999441dc8a4f4d8df072f6bd5f330b
- SHA256
  
  5477c4b6eb57c501ae413b3422a64170bbd908482fc1a5073d75073499051fe4
- SHA512
  
  039a5442611cc0909500fba892c462c64ff6981e16cf8b97a47e1a1591739fd4463202ea564e8cad9704bc769e014bdcccaae90942efbbf8135f994cfc25b763
- SSDEEP
  
  12288:ICD4FKntidwNox338nPogRIXC9NTupso1GLntoPgp:nD41ZxH8PtIyfuaCGLtV
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8