General

  • Target

    54fa094a6547c58061dbc1431511fd252d1584d642dd880b44dd96d5c670f2db

  • Size

    1.7MB

  • Sample

    241025-2askeasqgq

  • MD5

    3b6b9d7622c6995b9e940c7e1828410d

  • SHA1

    bdc7f876ae02e7c27821106e16498b51553f64ef

  • SHA256

    54fa094a6547c58061dbc1431511fd252d1584d642dd880b44dd96d5c670f2db

  • SHA512

    2d090302d2f02151338d126d1257db5c8115ae539e07724384eac56e0657866aadba084bbc45e190b2b7b6329644f841cf12c58133bb742fce1cd673522f2b39

  • SSDEEP

    24576:KYzTIQP5YcDWlymLIQ2ESQJPNgkUWfATT+9MhB4i9ju9p7mIgXbuRJI4XvYAajLe:KGc+WlymLIpe1Fq/hqi9K7EcIe46

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

SERVER

C2

asxyz.duckdns.org:52350

Mutex

AsyncMutex_6SI6TOGjnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      -20021254 DEMANDA LABORAL EN CURSO-1002024/1 DEMANDA LABORAL.exe

    • Size

      1.2MB

    • MD5

      f778e9136ab0db9de9802a7043de50a7

    • SHA1

      850dca074534a14fdb9ada6afaceea88558764e0

    • SHA256

      90803a583e9f693de5e7b8a196832436f6f648b27fb82e55904c256f30cc8b3a

    • SHA512

      cd6c5c3537f05ad5826d503e38b8e6ef2eaf668616bec15ba51ad3d81e0337a72779d7ca6af9e8ebee12d713891b30c0b73bf34718552bc9f4e7d8909b998156

    • SSDEEP

      24576:+heavSigvk0vhkzswHD4/V3OQdnYKYc4wXUyuy1:qP710vezrj4dJYFYUyuy1

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

    • Target

      -20021254 DEMANDA LABORAL EN CURSO-1002024/AXE8SharedExpat.dll

    • Size

      170KB

    • MD5

      0cfb90c28768e26498834d780fbbd754

    • SHA1

      94738b02338ac939ab610e69111f68a0b888da1d

    • SHA256

      5b3434727cd6805870550c4912e23543d3f9b58a19d32c412b8978d1515e1229

    • SHA512

      ff6f99a06a7f4bd02ca9d66568459dc9f584fdd140e9a1d1e426eb32152717d298b603d9e3aece0591fac0d951ab3225bb78a3665e3ac763319cb717135aac73

    • SSDEEP

      3072:23ITKGHS4tcdKwmcOTw1hOqLKpJzadzwxxYBcdgtqbeBTg4vRPzr4zvRiYkTg:FTxS4tcdKVw1iB8Axr2qG4Utg

    Score
    3/10
    • Target

      -20021254 DEMANDA LABORAL EN CURSO-1002024/BIB.dll

    • Size

      107KB

    • MD5

      759d71fc9442ab5a9b5749c0f6c0c263

    • SHA1

      07a68c6922d443eb9d6d445da18ae8a6d92f7ac6

    • SHA256

      109647f58e7e8386a4c025f2c8175a4d638e5c0e62768953390764010ea22a2e

    • SHA512

      e3efe66c76ea81285ba01b1978fdb3e807eb0bf2cfe0373bb6fef06f2fd7d9ddc3269acf0d87517cbf9bea5fa09b2703a03792491dc8265d26b724d7dca106c7

    • SSDEEP

      3072:FeQixAO/A/0VSaGHvP5GeBTEpP2t31VrxrcZ0KOKbfQp:uKO+0VSnKOKbop

    Score
    3/10
    • Target

      -20021254 DEMANDA LABORAL EN CURSO-1002024/msvcp90.dll

    • Size

      557KB

    • MD5

      90a32d8e07f7fb3d102eab1da28f0723

    • SHA1

      0903911bbb5d00f68ba51895fa898b38a5453ded

    • SHA256

      004ed24507dc7307cec1a3732fa57eabf19e918c3e1b54561e6cc01f554c0b77

    • SHA512

      2c69586d5c5d2b4b5decf2bf479554c3d0ff5f5a6fbacb01b8583ea8d96d0ae9c850c30a0d43eb2ad1116be901578d15fe08fce3e505440c854082c208a79f1a

    • SSDEEP

      12288:BpFE340h3e34GVZQACkIPYhUgiW6QR7t5183Ooc8SHkC2eLgAfO:Bph0h3e3vgzPA83Ooc8SHkC2eLgAfO

    Score
    3/10
    • Target

      -20021254 DEMANDA LABORAL EN CURSO-1002024/msvcr90.dll

    • Size

      638KB

    • MD5

      11d49148a302de4104ded6a92b78b0ed

    • SHA1

      fd58a091b39ed52611ade20a782ef58ac33012af

    • SHA256

      ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0

    • SHA512

      fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4

    • SSDEEP

      12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe

    Score
    3/10
    • Target

      -20021254 DEMANDA LABORAL EN CURSO-1002024/sqlite.dll

    • Size

      243KB

    • MD5

      61c4af783de766cee0b3172b8acb02a7

    • SHA1

      9396e8545da198e616e0d157f8bce399469e9627

    • SHA256

      f6ed01358bc99993ed8bf2303995a6d6fbd4acefec99df35d347f51eef0c3fca

    • SHA512

      b2d3f73c731d37eebe8bc8fb46ad02a592a192da6b9552fa223aded2203259c928495f249a106b37d3b8103515f9550b13397ee7e42dd8bca32127026612af72

    • SSDEEP

      6144:IBDoxpdJLEfunorfdoU9nxGIndwRtj0E3/AE6uoJ:eDApalrGIdwRtjZ3/B6dJ

    Score
    3/10
