General

  • Target

    OFICIOS ENTREGADOS RAD. N° 2532-4231-23.exe

  • Size

    28KB

  • Sample

    241023-2gfjesvcpq

  • MD5

    aa94d5a49336a03c813b9c11915754ff

  • SHA1

    0888037069f0b97666686cdd2a35a546cc8ae094

  • SHA256

    262cc13c53fffb6f35e5b882ab2358bb8bcafbdba9eeb3d62eeb759e7f064fd7

  • SHA512

    3d1f16139d536cdbb0e2b86e438eb21effebbbea98e4419f46c435499eb9ebae8d537b145e3c611acc81868cbaa299dafc2f525b5cbd121514dc579b3eb8da85

  • SSDEEP

    384:+8r639p6q9UZLEvqedkn6PLMUAvZmF/FHiFfyuWaQhBGeVlffffffgz:96kLEvqenVMJWaKPu

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

octubre 9

C2

dcmen09.duckdns.org:6000

Mutex

firewalljegjgghfyfyfyksklddhcmsjgkeedhkio

Attributes

  • delay

    10

  • install

    false

  • install_file

    defender

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      OFICIOS ENTREGADOS RAD. N° 2532-4231-23.exe

    • Size

      28KB

    • MD5

      aa94d5a49336a03c813b9c11915754ff

    • SHA1

      0888037069f0b97666686cdd2a35a546cc8ae094

    • SHA256

      262cc13c53fffb6f35e5b882ab2358bb8bcafbdba9eeb3d62eeb759e7f064fd7

    • SHA512

      3d1f16139d536cdbb0e2b86e438eb21effebbbea98e4419f46c435499eb9ebae8d537b145e3c611acc81868cbaa299dafc2f525b5cbd121514dc579b3eb8da85

    • SSDEEP

      384:+8r639p6q9UZLEvqedkn6PLMUAvZmF/FHiFfyuWaQhBGeVlffffffgz:96kLEvqenVMJWaKPu

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks