General

  • Target

    YDRAY-232024-LEER-NOTIFICACIONDEMANDA-LABORAL-55214.tar.rar.CAB.tar.001

  • Size

    1.4MB

  • Sample

    241025-qb13ds1arr

  • MD5

    54076a175f89882a5967970d77744920

  • SHA1

    0ba27693872549b12bab2e23a4fd73352a31e2ed

  • SHA256

    6f2e4e8901e5746c7ac53435e1d32b9765641ed56b713ab6691fcc58d6ac1b64

  • SHA512

    7af02f4d5835a83c71f41f83a7fb23a63bcff6c3d569c065dcbaafa08a2b00919024c3f0b9aa53f78c4110219fd861d1777b019c0430655bea1972a2199c8bf9

  • SSDEEP

    24576:GF6qby6A8/PNyJbMdW1Z+2gmSgG18n7rGmcleYqHXr95j2quImVdchm23alh5evb:S672UokZemZvGBxir95j23IQdipKnO+E

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

envio122344.duckdns.org:3030

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      232024-LEER NOTIFICACIONDEMANDA LABORAL-55214/02 LEER DEMANDA LABORAL.exe

    • Size

      1.2MB

    • MD5

      f778e9136ab0db9de9802a7043de50a7

    • SHA1

      850dca074534a14fdb9ada6afaceea88558764e0

    • SHA256

      90803a583e9f693de5e7b8a196832436f6f648b27fb82e55904c256f30cc8b3a

    • SHA512

      cd6c5c3537f05ad5826d503e38b8e6ef2eaf668616bec15ba51ad3d81e0337a72779d7ca6af9e8ebee12d713891b30c0b73bf34718552bc9f4e7d8909b998156

    • SSDEEP

      24576:+heavSigvk0vhkzswHD4/V3OQdnYKYc4wXUyuy1:qP710vezrj4dJYFYUyuy1

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext
