General

Target:  NOTIFICACION_DE_DEMANDA#231020241709000000.uu
Size:    4KB
Sample:  241024-svjnka1cka
MD5:     f7cb6479dec54c3907bbd3d80d95b50d
SHA1:    128d531233e1e9e6326c87fe86d465ada070e5b9
SHA256:  ac9b91fe056ac0a7bd3a0a93ded223b6a50e6fa6bec10b56ad5d5df731c2de0b
SHA512:  310637484733767af24df44fa115734afa94d5b49c610710064c080887cc56fc2054e724ff19402925b127ef25c3c927d1a8d17eed3607b780edf151d22cf531
SSDEEP:  96:mD79tRp/pquH3pr6z6C7zd5ezyFJVOB6FPAZK6epvVVjmZE:yZbG+priHd5a8PVB5e2
Static task: static1

Behavioral task: behavioral1
Sample:   NOTIFICACION_DE_DEMANDA#231020241709000000.rar
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample:   NOTIFICACION_DE_DEMANDA#231020241709000000.rar
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample:   NOTIFICACION_DE_DEMANDA#231020241709000000.vbs
Resource: win7-20241010-en
Malware Config

Extracted URL (second-stage download location):
https://pastebin.com/raw/Adv9gBHa

Extracted configuration:
Family:         asyncrat
Version:        1.0.7
Botnet:         octubre22
C2:             manuelmorenomanuel1234.duckdns.org:2024
Mutex:          DcRatMutex_qwqdanchun
delay:          1
install:        false
install_folder: %AppData%
Targets

Target: NOTIFICACION_DE_DEMANDA#231020241709000000.uu
Size:   4KB
Hashes: same file as in General above (MD5 f7cb6479dec54c3907bbd3d80d95b50d)
Score:  10/10
Signatures:
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2

Target:  NOTIFICACION_DE_DEMANDA#231020241709000000.vbs
Size:    8.9MB
MD5:     6872587aacd35fad8bcc50d46cac9bec
SHA1:    d9e606614a14ac0f368ef9e19ef043bc9e9bc76e
SHA256:  7eb65f78fd002384dc1cf76a0dc4a8b15514f179b300d1612b791728261dc483
SHA512:  75e4438043bd4832be8b47a174132cc7c49ebfc92780435d3212b6838339a4ae2c023ba6d9ce104696bdb300279f0609c93d793c1a707b950a83bff53841df56
SSDEEP:  96:c6G7Meyds/iYNRTz3vnqA04QrELzz+djbCb+huFlvxh39grdhh:bxjYNRTz3vq12+RKxh39Ohh
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2