General

  • Target

    Juicio_Legal_Procesado_N°_47287434.tar

  • Size

    1.1MB

  • Sample

    241025-y3fvja1pek

  • MD5

    435d3a38527e4f63897172fe71158972

  • SHA1

    68388a7b0600e5abe93acfa7e32cabc24d41dc82

  • SHA256

    358e9cb86fcf5de99d8f859fe0339cf8f7eaa8b5a08f5a075c2b4ddd5f1f755b

  • SHA512

    3541c88e26f88ec4b707b4c406cbb815d13ab4c12542fe9e83b6aa24cb64e9e4e42e2c559b50a399140c494b26f699ea56e9cc3723cad16de369da7694a769e2

  • SSDEEP

    24576:1k0qh27HZrd+DTf7CWHPhzOTPF+C+9+hlcmcXmIzZStnme:1k0q4HZrd+Xj7PgTdO+3cmkjzZQnj

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

025-Oct

C2

999triana999.1cooldns.com:11206

999triana999.1cooldns.com:2203

999triana999.1cooldns.com:2202

999triana999.1cooldns.com:22205

999triana999.1cooldns.com:22206

Mutex

DcRatMutex_qyunchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Juicio_Legal_Procesado_N°_47287434..exe

    • Size

      3.6MB

    • MD5

      c3eba8bbad42c6317b472ffd5421a3f1

    • SHA1

      096f13459a3b67c004695edaeb5bcb75b1c591dd

    • SHA256

      154c728c638c6657124307c1b1e4ed0ab7154578ac5fc96042042ff216caad99

    • SHA512

      20f53fd415da44de95fbecaae0112b24b38b5e6c7ed0578193d5d87d71396a413ccbae9d0923f6413846e5c74b3fc23d034425d005331d234295396d1517d3f4

    • SSDEEP

      49152:hWGtLBcXqxlR6SVb8kq4pgquLMMji4NYxtJpkxhGjI3TFE333FLBEPlo0MgNn+QT:jtLu+sqgwh4NYxtJpkxhG1333PlC

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
