General

  • Target

    OFICIO REMITENTE RDO 21200325-20024.svg

  • Size

    442KB

  • Sample

    241022-v6peaswgpf

  • MD5

    46880fd1c96600d00449286780d696e0

  • SHA1

    9d1f8fa5cdcd6afe9c1aba8e5495ef8a24d82c51

  • SHA256

    c3e463142e0716d2c95d01baa0ceb84366f4c279be297ecf9a698cd211771bc8

  • SHA512

    8a4015b719e0a54e2c0373463c2e0db5689174dead1820c4d1a0d092fa54b5d0df8ba9eb989b688cf1c2fec2b9754692dcb1eba54b83b581ff260e42c11b8c56

  • SSDEEP

    3072:VD3/9IRQR1K0miSmwTkkBPnvpaN0Dp/UKtyW8A2KJjRc3lclFwBjlGQbkySFvMuo:5P9IwIpkSPvGMyzAnQPBJ

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

SERVER

C2

asxyz.duckdns.org:52350

Mutex

AsyncMutex_6SI6TOGjnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
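The configuration above gives three durable indicators: the C2 hostname, its port and the mutex. The host is on DuckDNS, a dynamic-DNS service, so its IP address is not something to hardcode in a detection. The following added example (mine, not part of the sandbox report) hunts those indicators in telemetry, learning the C2's current IP from DNS answers in the same log and pivoting on that for the connection check. The indicator values are the ones the report lists; the log lines, their tab-separated layout and the event names (`dns`/`net`/`edr`) are constructed for the demo.

```python
"""Hunt the indicators extracted above in host and network telemetry.

Added example, not part of the sandbox report. The indicator values are
the ones the report lists; the log lines, the tab-separated field layout
and the event names are constructed for this demo.
"""
import hashlib
from dataclasses import dataclass

# Indicators copied from the extracted AsyncRAT configuration above.
C2_HOST = "asxyz.duckdns.org"
C2_PORT = 52350
MUTEX = "AsyncMutex_6SI6TOGjnk"
SAMPLE_SHA256 = "c3e463142e0716d2c95d01baa0ceb84366f4c279be297ecf9a698cd211771bc8"

# Constructed telemetry (not from the report). Fields:
#   timestamp, source, host, event, value, [extra ...]
SAMPLE_LOGS = [
    "2024-10-22T14:01:03Z\tdns\tWS-17\tquery\tasxyz.duckdns.org\tA\t203.0.113.25",
    "2024-10-22T14:01:04Z\tnet\tWS-17\tconnect\t203.0.113.25:52350\tproto=tcp",
    "2024-10-22T14:01:05Z\tedr\tWS-17\tmutex\t\\Sessions\\1\\BaseNamedObjects\\AsyncMutex_6SI6TOGjnk",
    "2024-10-22T14:02:11Z\tdns\tWS-03\tquery\tupdate.example.com\tA\t198.51.100.7",
    "2024-10-22T14:03:40Z\tnet\tWS-03\tconnect\t198.51.100.7:443\tproto=tcp",
    # WS-03 never queried the C2 name itself but talks to the IP it resolved to.
    "2024-10-22T14:05:09Z\tnet\tWS-03\tconnect\t203.0.113.25:52350\tproto=tcp",
]


@dataclass
class Hit:
    host: str
    kind: str
    indicator: str
    line: str


def hunt(lines):
    """Return a Hit for every log line that matches an indicator.

    The C2 host sits on DuckDNS (dynamic DNS), so its IP is not a durable
    indicator: instead of hardcoding an address, learn the current
    resolution from DNS answers in the log and pivot on that.
    """
    hits = []
    resolved = {}  # ip -> name, learned from DNS answers seen so far
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 5:
            continue
        _ts, source, host, event, value = parts[:5]
        if source == "dns" and event == "query":
            name = value.lower().rstrip(".")
            if len(parts) >= 7:
                resolved[parts[6]] = name
            if name == C2_HOST or name.endswith("." + C2_HOST):
                hits.append(Hit(host, "dns", C2_HOST, line))
        elif source == "net" and event == "connect":
            ip, _, port = value.rpartition(":")
            if port == str(C2_PORT) and resolved.get(ip) == C2_HOST:
                hits.append(Hit(host, "c2-connect", f"{C2_HOST}:{C2_PORT}", line))
        elif source == "edr" and event == "mutex":
            # Compare only the object name, whatever session prefix the EDR logs.
            if value.rsplit("\\", 1)[-1] == MUTEX:
                hits.append(Hit(host, "mutex", MUTEX, line))
    return hits


def hosts_to_isolate(hits):
    """Distinct hosts with at least one hit, sorted."""
    return sorted({h.host for h in hits})


def is_report_sample(data: bytes) -> bool:
    """Check a file's bytes against the SHA256 the report lists."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def defang(indicator: str) -> str:
    """Render a host or URL safe for pasting into tickets and chat."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS)
    for h in found:
        print(f"{h.host}\t{h.kind}\t{defang(h.indicator)}")
    print("isolate:", hosts_to_isolate(found))
```

The mutex is worth keeping in the detection even though `install` is `false` (no persistence is configured): AsyncRAT uses the mutex to stay single-instance, so the name recurs on every launch of this build. The IP learned from DNS is only valid for the window in which it was observed; re-run the hunt against fresh DNS data rather than caching the address.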

Targets

    • Target

      OFICIO REMITENTE RDO 21200325-20024.svg

    • Size

      442KB

    • MD5

      46880fd1c96600d00449286780d696e0

    • SHA1

      9d1f8fa5cdcd6afe9c1aba8e5495ef8a24d82c51

    • SHA256

      c3e463142e0716d2c95d01baa0ceb84366f4c279be297ecf9a698cd211771bc8

    • SHA512

      8a4015b719e0a54e2c0373463c2e0db5689174dead1820c4d1a0d092fa54b5d0df8ba9eb989b688cf1c2fec2b9754692dcb1eba54b83b581ff260e42c11b8c56

    • SSDEEP

      3072:VD3/9IRQR1K0miSmwTkkBPnvpaN0Dp/UKtyW8A2KJjRc3lclFwBjlGQbkySFvMuo:5P9IwIpkSPvGMyzAnQPBJ

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
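The target here is an .svg file, yet the behaviour list records a dropped EXE and DLL, so the image is a delivery vehicle rather than the payload. The report does not show the SVG's content. The following added example (mine, not part of the report or of any sandbox) shows the static checks an analyst runs on an SVG lure before detonation: `script` elements, `on*` event-handler attributes, `foreignObject` (which lets HTML in), `javascript:` and `data:` URIs, and base64 runs that decode to an MZ header. `SAMPLE_SVG` is constructed to exercise those checks and is not the sample from the report.

```python
"""Static triage of an SVG lure before detonation.

Added example, not from the report. The report names an .svg as the
target and records a dropped EXE and DLL but does not show the SVG's
content; SAMPLE_SVG below is constructed to exercise the checks.
"""
import base64
import re
import xml.etree.ElementTree as ET

SUSPECT_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{100,}={0,2}")

# Constructed: a fake PE stub (MZ header plus padding) embedded as a data: URI.
FAKE_PE_B64 = base64.b64encode(b"MZ" + b"\x00" * 120).decode()
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="400" height="300" onload="go()">
  <rect width="400" height="300" fill="white"/>
  <text x="20" y="40">Documento adjunto</text>
  <image id="p" xlink:href="data:application/octet-stream;base64,{FAKE_PE_B64}"/>
  <script><![CDATA[
    function go() {{ window.location = document.getElementById('p').getAttribute('href'); }}
  ]]></script>
  <foreignObject width="400" height="100">
    <body xmlns="http://www.w3.org/1999/xhtml"><a href="javascript:go()">Ver documento</a></body>
  </foreignObject>
</svg>
"""


def _local(qname: str) -> str:
    """Strip an {namespace} prefix from a tag or attribute name."""
    return qname.rsplit("}", 1)[-1]


def _looks_like_pe(b64_run: str) -> bool:
    """Decode the first 64 base64 chars (48 bytes) and test for the MZ signature."""
    try:
        return base64.b64decode(b64_run[:64]).startswith(b"MZ")
    except ValueError:
        return False


def triage_svg(svg_text: str):
    """Return (kind, detail) findings for the active-content features an
    SVG lure relies on. An empty list means no static red flags."""
    findings = []
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = _local(el.tag)
        if tag in SUSPECT_TAGS:
            findings.append((tag, f"<{tag}> element present"))
        for attr, val in el.attrib.items():
            name = _local(attr)
            low = val.strip().lower()
            if EVENT_ATTR.match(name):
                findings.append(("event-handler", f"<{tag} {name}=...>"))
            if low.startswith("javascript:"):
                findings.append(("javascript-uri", f"<{tag} {name}>"))
            if low.startswith("data:"):
                findings.append(("data-uri", f"<{tag} {name}> {low.split(',', 1)[0]}"))
        # Base64 runs can hide in attribute values or text nodes alike.
        blobs = " ".join(list(el.attrib.values()) + [el.text or "", el.tail or ""])
        for run in B64_RUN.findall(blobs):
            if _looks_like_pe(run):
                findings.append(("embedded-pe", f"{len(run)}-char base64 run in <{tag}> decodes to an MZ header"))
    return findings


def verdict(findings) -> str:
    """Collapse findings into a triage label."""
    kinds = {k for k, _ in findings}
    if kinds & {"embedded-pe", "script", "javascript-uri"}:
        return "malicious-likely"
    if kinds:
        return "suspicious"
    return "no static red flags"


if __name__ == "__main__":
    found = triage_svg(SAMPLE_SVG)
    for kind, detail in found:
        print(f"{kind:15} {detail}")
    print("verdict:", verdict(found))
```

`xml.etree` is a strict parser and browsers are not; an SVG that fails to parse here but renders in a browser is itself worth a closer look rather than a pass. A clean result from this script says nothing about what a renderer will fetch over the network, so it complements detonation, it does not replace it.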

MITRE ATT&CK Enterprise v15

Tasks