General

  • Target

    42d047eb592cb2afc96740567d7ca6b4.tar

  • Size

    1.2MB

  • Sample

    241028-xelkfasqav

  • MD5

    42d047eb592cb2afc96740567d7ca6b4

  • SHA1

    fda0c975141d0f4ef529a0138645696483fb72d4

  • SHA256

    d92fee133d92474e1658a9e9d26440c93f6d930157a13597604f151933effa2c

  • SHA512

    45de2564da6a8f7659d7b9f43201f42352fb499830170db638f8e0ff29336cc4ccacd351e5e8367d68ba26216d5c1b586e2924444176c9a7ce93777fdb6d4f9e

  • SSDEEP

    24576:6Z87VD4SpJogl47SPiQDl2ypuPWdZ8RkLdQ5pFo8dvIT3:kypJogl5PbIUmwdQ5pF/wT3

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

DINERO

C2

octubre212024.giize.com:2727

fuertefuerte.accesscam.org:2727

octubre242024.casacam.net:2727

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      122005215121511111777000000000000000000000000000005151485251954592654895926154588962261515459562.exe

    • Size

      3.6MB

    • MD5

      c76159163023302b08641b8d271ab362

    • SHA1

      c388606fb8394f7360da6cef38ec1526d2dc9ba1

    • SHA256

      5ab8a17246063f43e04f124c842427a9413d086796c1fd5e9d46917b308f5e74

    • SHA512

      53f2a3abd6337100f5fc8ed3da331c5cbb1b4478349c3b2dfc9547330770567bf7c5ced763e176c256cc16180032f816608d0a61d8e31db5ccf2f4f272aeaba2

    • SSDEEP

      49152:jWGtLBcXqFpa88R6SVb8kq4pgquLMMji4NYxtJpkxhGjIuTbR3339YcZUQ3EANa2:dtLuZIqgwh4NYxtJpkxhGB333tRaEp

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
