General

  • Target

    ANEXOS POR ENTE 2814629814815718645718465710846597201846597821406597804216956041285974218609572135465.rar

  • Size

    965KB

  • Sample

    240818-s1x35stcnj

  • MD5

    af0f3eeb7c34472f2b8c2a74d966b815

  • SHA1

    c471cb4d2aebc5fd17a5268856c8f78d1f52c0fa

  • SHA256

    b949f5669c31e0eae2ab38705a88ca05186d8e661e1b0965311a243a5f159412

  • SHA512

    0cde649113bbf387a823a3eed9a26550643b13c65be459e0fc4ef84da9f6c898a41c4c5811f6999fdb97f48dabf2b42efc35bcb15aeb043398b603bd12de0cd6

  • SSDEEP

    24576:1XjL9OupujF1OtiaahEdrgbCsNsg4BuiAsed:1XHtpujF+aYINSg4D4d

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7A

  • Botnet

    FURIOSO

  • C2

    furioso.con-ip.com:6606

  • Mutex

    uuooxuxbnkywum

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ANEXOS POR ENTE 2814629814815718645718465710846597201846597821406597804216956041285974218609572135465.rar

    • Size

      965KB

    • MD5

      af0f3eeb7c34472f2b8c2a74d966b815

    • SHA1

      c471cb4d2aebc5fd17a5268856c8f78d1f52c0fa

    • SHA256

      b949f5669c31e0eae2ab38705a88ca05186d8e661e1b0965311a243a5f159412

    • SHA512

      0cde649113bbf387a823a3eed9a26550643b13c65be459e0fc4ef84da9f6c898a41c4c5811f6999fdb97f48dabf2b42efc35bcb15aeb043398b603bd12de0cd6

    • SSDEEP

      24576:1XjL9OupujF1OtiaahEdrgbCsNsg4BuiAsed:1XHtpujF+aYINSg4D4d

    Score
    3/10
    • Target

      ANEXOS POR ENTE 2814629814815718645718465710846597201846597821406597804216956041285974218609572135465.exe

    • Size

      1.1MB

    • MD5

      2230841a64ab962447575dae04849d67

    • SHA1

      1ab7790add84fc1d6b919dc0652f4a7b0ae0925e

    • SHA256

      a8e8625363e9a40361b57f59e493291a20f95236095f3cb45263758685df410f

    • SHA512

      5393da9c3d09f66466e2eeb8349ea6fd6809f4e29070b82c91b1e0d83f22bc00943e0fe231293c48fde12969cdbc65afd00bdd2573eddf2684080a660286c1da

    • SSDEEP

      24576:nhQRY7mtnIcYEC+Iv9oydRZDmbZo0UkYtOzCon69fcIn7:ktn/YEWv9TdRZqbm7dseJ

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
