General

  • Target

    776a750c48b4d438e5baf32bed87e13a.tar

  • Size

    936KB

  • Sample

    241023-tvr6da1glq

  • MD5

    776a750c48b4d438e5baf32bed87e13a

  • SHA1

    16f1f0f4cca7644e7df19c741674ef018dca1813

  • SHA256

    4d4dd04f8e134bfb02672a7f88c72b4e048ea080917abd94df2bc87a17f3602e

  • SHA512

    11e5e0d5eb19e4cc95c0c5e3b368e5bd006bbd14b89f866f5241318803bac5df6bb54b8ede77099f998e5a8c9cca7d9d8169e4be6e50a25a1413b2f6f5eafdbe

  • SSDEEP

    24576:qCQYk2jHtr+cmREaNbr7Htc5wIKqS4sUvh3Z:qCQYNjHtKcglHSepD3+f

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

OCTU21

C2

mnnioudfd.duckdns.org:8010

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Incidente de desacato judicial fallo tutela No 2110-24.exe

    • Size

      2.4MB

    • MD5

      a1bc90eb0593fff728ebdb07fa5be49d

    • SHA1

      4d4a732df8f1f78e3084c00e2c3dacfbbb411abc

    • SHA256

      a306e433e72c97ac9016f9f260f882362d7dfa8735f86384ee70046304430e25

    • SHA512

      0ee42280d3d11d87db579e6dea847cc672f15e9fedd642d66921f759558b95f970674e310c4b41d2efc99524dda54e65411586815f9866dc8b71c2716fb8b0b6

    • SSDEEP

      49152:azJioJ67eQD9rSlAthuDZzjz4YVw7bf33fKo:jnJudzjz4YAT

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks