asyncrat

Resubmissions

17-10-2024 17:13

241017-vrvb1awdmb 10

Sharing

Copy URL

Twitter E-mail

General

Target

Validación correo malicioso o SPAM(1).eml
Size

35KB
Sample

241017-vrvb1awdmb
MD5

4a17072e1d51f16e1c6d5c3a213926b2
SHA1

9aaef567835ff22e485f7ecdd35b36bc1e10075a
SHA256

f2624c49b428fdedc12def0ad228758838fa95ff84ca3194b555d15b7ad67acd
SHA512

738de31b526ca479ddfc55718f18ec302f6f64f062c14d7acf92707725adbc8b0e789a99d6b8e35391d27a542a1f1d5908b59e3bb88af70ff93e0d52ba31af98
SSDEEP

768:cHIn6NjRL9XtpF2rznNnMnQ31Y7Zear/7cOcv6UI:cHHJRJXtlnQOvlcc

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/Adv9gBHa

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/Adv9gBHa

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/Adv9gBHa

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Family

asyncrat

Version

1.0.7

Botnet

septiembre20

peinadorafael777.duckdns.org:2013

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

20agosto

carlitosmoreno1791.duckdns.org:2017

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

carlitosmoreno1794.duckdns.org:2019

Mutex

bde06c84e1de4b23b

Attributes

reg_key
bde06c84e1de4b23b
splitter
@!#&^%$

Targets

- Target
  
  Validación correo malicioso o SPAM(1).eml
- Size
  
  35KB
- MD5
  
  4a17072e1d51f16e1c6d5c3a213926b2
- SHA1
  
  9aaef567835ff22e485f7ecdd35b36bc1e10075a
- SHA256
  
  f2624c49b428fdedc12def0ad228758838fa95ff84ca3194b555d15b7ad67acd
- SHA512
  
  738de31b526ca479ddfc55718f18ec302f6f64f062c14d7acf92707725adbc8b0e789a99d6b8e35391d27a542a1f1d5908b59e3bb88af70ff93e0d52ba31af98
- SSDEEP
  
  768:cHIn6NjRL9XtpF2rznNnMnQ31Y7Zear/7cOcv6UI:cHHJRJXtlnQOvlcc
Score

5^/10

discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  attachment-3
- Size
  
  18KB
- MD5
  
  103afa82053ce0802035dcabd54973ec
- SHA1
  
  4acc5c297566be252ea624e19f29c59ef17a3ba9
- SHA256
  
  425f50f41e912666779bed290ea877584f94e8e708777f534422fe75d448eb9b
- SHA512
  
  5635ae3013ef677c2a2cbc1c751cc29762e7a74d5f48c7cc9a35acb14c627ca9ae8b2725f78647f82e0dc66538806844da125f5367f96a1077fd8e02d1a0fd84
- SSDEEP
  
  384:Yn1I1PFAXnwuw7bRPJKe99Qn7v/pdr3dRIOcv4LUS:X1Y7Zear/7cOcv6US
Score

5^/10

discovery
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  email-html-2.txt
- Size
  
  1KB
- MD5
  
  e30672a61f4a8f232239d5046bb8d4ed
- SHA1
  
  82408b73208d1fc46cdd5f875e6fc139bac5dc34
- SHA256
  
  e8e74f88d1310a69c3092c2af288d0aeb9009bd80b7a6dcaf9a796362f82954e
- SHA512
  
  3e03339e04580ce4dc35058a722485077315767c36109576dc899919f09f4c5c1097f8fac5906e13b8f6170313c6a59e5151f06904e87730acce9405c7eaf7d5
Score

10^/10

discovery asyncrat njrat 20agosto nyan cat septiembre20 evasion execution rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  email-plain-1.txt
- Size
  
  563B
- MD5
  
  8a0bef196a40df6d235cf6ecc4ee2c69
- SHA1
  
  e8f3f995c5641bb320bc629e7ef4c7dc777289ce
- SHA256
  
  336fd49167c1af403c84f674ac567c438cb09e50a293fcc15e23605f4e858d23
- SHA512
  
  536df4f6162cc181512540f339d7e06b837054dcf00ba2902f60f249b57e7afd35416093889e74ee727d0d2cbccafca60703f5c727a472084251d6a4a1f1951e
Score

1^/10
behavioral7 behavioral8
- Target
  
  image_2024_04_09T20_41_14_468Z.png
- Size
  
  1KB
- MD5
  
  12a3a1b16e27498d1ff40eff38f5d37f
- SHA1
  
  38950aaf221c6e9a4692eba53857a5c88ba036ff
- SHA256
  
  d2fd656d3645252852aac4ca15c775829cac394394894dbc0768e613ef3837c9
- SHA512
  
  ae94eca920c5976170b33c74b83846cee3088e58b83cea5a734ede0af36ca9467aca14fed4bc7976f7b359261f865c867e4fd32ccbb66aff871d49531ffda47f
Score

3^/10
behavioral10 behavioral9
- Target
  
  email-html-2.txt
- Size
  
  5KB
- MD5
  
  21e70e0f8d7626060afff9ba687be884
- SHA1
  
  55cefb75a97f60bb3bd3f073b920c2e0313fd0c8
- SHA256
  
  17df5310b0e1d2e3bae41bfe1d5ea8331e466c7cf6b59ac54a2080827a82c5e5
- SHA512
  
  73832972c40be78bb0bbf3897eb6a2fefb0b175b9e258f537755b1d2bcdb19b22616bc852eec8d4cb029c160a2a5df1c17e3c6ef30a703b77d9df230822eb212
- SSDEEP
  
  96:Z7kpKxGKfOHU9rCzz2++rNrdbsmpb2HIndzK4aTf9qWrvDmdkYxiozJhG:ZtyR+ZRws2ondzJBWzKmeE
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  email-plain-1.txt
- Size
  
  3KB
- MD5
  
  d8fff54334bf59859ec7eb075034329e
- SHA1
  
  4b9deecfd3bb2772550fd8915ae00c8e99577df4
- SHA256
  
  94fcc36ad9c6adc7c7a546e61a30ef9079f0a64780d2cda25df8428d562e2079
- SHA512
  
  5f916e4ec37c712f5e72820a19c96f9cb815658bb00713ac52f550f5e6072ec1be6efdb1ed6e0af451064e2d68c7117ef2f4dcf909609633a9caa07504bb0e39
Score

1^/10
behavioral13 behavioral14