General

  • Target: 4acff71261109827fda28799ed22a3e6.rar
  • Size: 8KB
  • Sample: 241022-2ayreszbjj
  • MD5: 4acff71261109827fda28799ed22a3e6
  • SHA1: 74b21e1d49f60f953595481557c88b0f15962b4d
  • SHA256: c09f4150d563b4f27fd5939dbcacad7e547b90c527ceec50f1fe477fc4db35ea
  • SHA512: c3e1c4d8f34c3dd33ebf8c10a3415f4beb93d884e021d579e941b3f52494898e790a84ef1767974fb3e23ff10ccf08bd0afb2ae904c16faf421d1cdf8624f001
  • SSDEEP: 192:X2plLuEvTz4uphSjrSkrEIFxPLr7XrBKH6+:GfRvHxphSjOkrx/XrBo

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs
      ps1.dropper: https://pastebin.com/raw/Adv9gBHa
      exe.dropper: https://pastebin.com/raw/Adv9gBHa

Extracted

  • Family: asyncrat
  • Version: | CRACKED BY https://t.me/xworm_v2
  • Botnet: zDefaultREN
  • C2: deadpoolstart2029.con-ip.com:6090
  • Mutex: WinCookies
  • Attributes
      delay: 3
      install: false
      install_folder: %AppData%
  • aes.plain

Targets

  • Target: NOTIFICACIONES_ACTIVA_EMITIDA_CORREO_SOPORTE_COBROS_5638945847483759479347674893679047698406747690384674398609409673904698798476948694698968986PDF.vbs
  • Size: 8.9MB
  • MD5: 199449f2ef2026f61889f3259d30f387
  • SHA1: 253f7b5e019ff159b10844d662b9d2b9331acf62
  • SHA256: 80ba2478e4695de6db6ee1bed092eab38cc6c4243f3ba6e6a16ca180a68520ed
  • SHA512: 9151040021d577a3b76192d128d2c1a3d22ba74cd38ee82662681914fb1d466ac88e40fd592c606f6f84fb36ac13b1dd2ec7091ab07613a1bc3fb0ee9293743a
  • SSDEEP: 96:c6G7MI/Gs/iYNRTz3vnqAJ4QrE2zzdRfpb7jhI6QP39g7d5qI:bqyYNRTz3vqyjdRR/jhI6k39e5X

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up the country code configured in the registry, likely for geofencing.

  • Command and Scripting Interpreter: PowerShell

    Uses the powershell.exe command.

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15