General

  • Target

    59c4eac59865fae0ef3c43a6126784583a168b57e73a8743ef5dd063dfd86d19

  • Size

    7.3MB

  • Sample

    241023-vb6ebszhmf

  • MD5

    0787e68a046cde0ee2878cada03e0026

  • SHA1

    6900dbcc07063914491660bd0747f638f36b5fe3

  • SHA256

    59c4eac59865fae0ef3c43a6126784583a168b57e73a8743ef5dd063dfd86d19

  • SHA512

    a7c32ca02cb1cd4a50a78cac353d8bd9b4554e74125ccf56cdbf47cf34933bf6a7e20c9558b28a1b12d6fb6ce17677aa4aeac0e577013c911755c8853ee3ebe0

  • SSDEEP

    98304:cEiYyiMkCjDm5AHO0XWhvGc9JVxRiA+53cDSPu8OkqNeIzRLJvXAJDTZVefsIEvD:cNNfJHkvnDgAGbuhPzRL9AJCsIEK0bt

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

22 OCTUBRE

C2

151.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/00022 NotificacionElectronicaJrad912493432.exe

    • Size

      304KB

    • MD5

      411cd1175b5e21b6a3c6a72c34e8773c

    • SHA1

      faabd22ddca0062dd3d7bc534e49078ee5d84be8

    • SHA256

      116b75d94dacf676931ff8623a0b34f3ea75b52d67b0494fefd1b8dce6bc121a

    • SHA512

      6414d174a17edf813bb7f739b9d625c4489dd4a45c56932fad7f222a2b8ea646fd2316cdba4e421225cbdf4aeb245329aa5bb3034e2b54e3859dcd89c7d1dd90

    • SSDEEP

      6144:VU1bbTLUcplb/PBA107iUJokz0HYmHvt9mC1xuhB0KY+c5+ZUkBgtPog/BCRs0p:61bwcpNPX+UJok4TvtsQxeo+c5+tBYPc

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/Qt5Core.dll

    • Size

      5.8MB

    • MD5

      a69021f31874d4aefec8c3a2bedd4437

    • SHA1

      aff85d5df7a4e69303f579b9a5a2ae82e14f3af6

    • SHA256

      dc68a1446e829afa5c7e33f4dd2233e096a492bdf3a82eb0eeacfafb69bdecbf

    • SHA512

      63fff0338d325f63431004f0fdf9e21a570536c1ac95ccd3f8a33c065d29d35d524ef6e2e5878d3986109e681480c03c2311b2447611003850d381bae4707667

    • SSDEEP

      98304:NTjAe4iOtBelKxJsv6tWKFdu9C0eo74Qerqf1t:NTjAetoBZJsv6tWKFdu9C017derqf1t

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/Qt5Gui.dll

    • Size

      6.2MB

    • MD5

      34893cb3d9a2250f0edecd68aedb72c7

    • SHA1

      37161412df2c1313a54749fe6f33e4dbf41d128a

    • SHA256

      ca8334b2e63bc01f0749afeb9e87943c29882131efe58608ea25732961b2df34

    • SHA512

      484e32832d69ec1799bd1bcc694418801c443c732ed59ecd76b3f67abf0b1c97d64ae123728dfa99013df846ba45be310502ef6f8da42155da2e89f2a1e8cb2c

    • SSDEEP

      49152:Olbw69/oyRlQ3bseHmQL7cE6Vvz4IBeEsBvf6MGde7l8UkqolD/SrneTbfrh4y+8:Olbw6a6GpcZsBv6szezn9IPRs9

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/Qt5Network.dll

    • Size

      1.3MB

    • MD5

      945cdfdd45ddd888d200d4aecf6fc67d

    • SHA1

      10a4c05fbad2e753aee111a42a80fc6934c82b1c

    • SHA256

      8e475e0ac9f67057944d2a11df81627d6d071eff16aa9425e53af58d1e06bcd2

    • SHA512

      36439db83bee67f5d0edc00bc52f012cf8c47ec862bb07cbe47829812cd0cfdcf562945cea1474b878a0516d23530c13ef67a61a2fb9a9f099ee60007d3b5eee

    • SSDEEP

      24576:XxQmm4jK56LNWz/m7iNBd3ol84iKiEanP/:XNmrCNxiNBulBiKiEaP/

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/Qt5PrintSupport.dll

    • Size

      316KB

    • MD5

      d0634933db2745397a603d5976bee8e7

    • SHA1

      ddec98433bcfec1d9e38557d803bc73e1ff883b6

    • SHA256

      7d91d3d341dbba568e2d19382e9d58a42a0d78064c3ad7adfe3c7bb14742c2b1

    • SHA512

      9271370cd22115f68bd62572640525e086a05d75f5bc768f06e20b90b48a182f29a658a07099c7bc1e99bf0ffcf1229709524e2af6745d6fed7b41c1addd09f1

    • SSDEEP

      6144:n5BVjwbCL85ofdeA2aqWs+41FwneMKAaol1cafGR27M1ffqp+1eszZnDy4SA:nBjwE8aVK

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/Qt5Widgets.dll

    • Size

      5.3MB

    • MD5

      c502bb8a4a7dc3724ab09292cd3c70d6

    • SHA1

      ff44fddeec2d335ec0eaa861714b561f899675fd

    • SHA256

      4266918226c680789d49cf2407a7fec012b0ed872adafb84c7719e645f9b2e6d

    • SHA512

      73bef89503ce032fba278876b7dab9eac275632df7a72c77093d433c932272da997e8fbeb431a09d84baac7b2ab2e55222ff687893311949a5603e738bfa6617

    • SSDEEP

      98304:oSIq7lPpagrGUtPm3qBF+1jIJJAi+eVq8:oSI8hagrGUtPm3KMRIL+e/

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/msvcp140.dll

    • Size

      557KB

    • MD5

      7db24201efea565d930b7ec3306f4308

    • SHA1

      880c8034b1655597d0eebe056719a6f79b60e03c

    • SHA256

      72fe4598f0b75d31ce2dc621e8ef161338c6450bb017cd06895745690603729e

    • SHA512

      bac5729a3eb53e9bc7b680671d028cabef5ea102dfaa48a7c453b67f8ecb358db9f8fb16b3b1d9ea5a2dff34f459f6ac87f3a563c736d81d31048766198ff11e

    • SSDEEP

      12288:Rsjw3shF+jss1I8CgEWTe5+YMCMGz2MMY5U489wiyaf+QEKZm+jWodEEVksLd:Rs/5U4RBaf+QEKZm+jWodEECsL

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/vcruntime140.dll

    • Size

      96KB

    • MD5

      f12681a472b9dd04a812e16096514974

    • SHA1

      6fd102eb3e0b0e6eef08118d71f28702d1a9067c

    • SHA256

      d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

    • SHA512

      7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

    • SSDEEP

      1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1

    Score

    1/10

    • Target

      DESCARGA NOTIFICACIÓN ELECTRÓNICA AGRADECEMOS CONFIRMAR RECIBIDO RADICADO 4534135431 00 654165135/vcruntime140_1.dll

    • Size

      37KB

    • MD5

      75e78e4bf561031d39f86143753400ff

    • SHA1

      324c2a99e39f8992459495182677e91656a05206

    • SHA256

      1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

    • SHA512

      ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

    • SSDEEP

      768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2

    Score

    1/10

MITRE ATT&CK Enterprise v15

Tasks