Overview

Analysis tasks (score out of 10; entries are in the same order as the behavioral tasks listed below, names truncated as on the original page)
Static: 10
5   1 N0TlFlCA...AI.exe   windows7-x64
10  1 N0TlFlCA...AI.exe   windows10-2004-x64
10  1 N0TlFlCA...01.exe   windows7-x64
5   1 N0TlFlCA...01.exe   windows10-2004-x64
1   1 N0TlFlCA...1).exe   windows7-x64
7   1 N0TlFlCA...1).exe   windows10-2004-x64
7   1 N0TlFlCA...1).exe   windows10-2004-x64
6   1 N0TlFlCA...2).exe   windows7-x64
5   1 N0TlFlCA...2).exe   windows10-2004-x64
5   1 N0TlFlCA...1).exe   windows7-x64
7   1 N0TlFlCA...1).exe   windows10-2004-x64
8   1 N0TlFlCA...32.dll   windows7-x64
3   1 N0TlFlCA...32.dll   windows10-2004-x64
3   1 N0TlFlCA...32.dll   windows7-x64
3   1 N0TlFlCA...32.dll   windows10-2004-x64
3   1 N0TlFlCA...ar.dll   windows7-x64
3   1 N0TlFlCA...ar.dll   windows10-2004-x64
General
Target: 1+N0TlFlCAClON+DEMANDA+LAB0RAI++PR0CES0+JUDlCIAL.zip
Size: 14.5MB
Sample: 241029-xjbk2aybpq
MD5: 46c08f23d145acd9d17897536f3d7101
SHA1: a9a7d627872ebf529d6c0387e0d5a9167a85d4d4
SHA256: 009ff5894bb6d647dad69c00dfca4136f22fd094b18ed1692f7a662de2d49ae4
SHA512: 89ff8ba753fb08c2785c5caf58e30cbc9be69ef0e4ae5b1ef9c04f4a1b4a06189619b181cdc643006c886bc6532b60bebc50661936f1c66f87d9af86e23ed844
SSDEEP: 393216:CoNqRRnCfgo0gKwFDMvgYE9X+f8FhIVSDyVbCFfLVQtHw6t7Nk2:CoNyoD0g1pjrS8PPyVb4RQtHw6FN9
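The archive name is a Spanish legal-notice lure ("NOTIFICACION DEMANDA LABORAL PROCESO JUDICIAL") written with look-alike characters: 0 in place of O, lowercase l in place of I, and a capital I in place of the final L of LABORAL. Such swaps defeat plain keyword matching on attachment names. The following Python is an added example, not part of the sandbox report: it undoes the look-alike substitutions, then fuzzily matches the result against a small set of lure phrases. The lure phrases, the 0.8 per-word similarity threshold and the 0.75 coverage threshold are assumptions chosen for illustration.

```python
"""Flag file names that swap digits and look-alike letters into words to
slip past keyword filters, as the lure name in this report does
(0 for O, lowercase l for I, I for L).  Added example, not part of the
sandbox report; lure phrases and thresholds are assumptions."""
import difflib
import re

# Digit -> letter look-alikes.  Only a digit sitting between two letters is
# mapped, so trailing build numbers such as "Net32" or "x64" are left alone.
DIGIT_LOOKALIKES = {"0": "O", "1": "I", "3": "E", "4": "A", "5": "S", "7": "T"}

# Assumed Spanish legal-notice lure phrases (not taken from the report).
LURE_PHRASES = [
    "NOTIFICACION DEMANDA LABORAL PROCESO JUDICIAL",
    "DEMANDA LABORAL",
    "PROCESO JUDICIAL",
    "CITACION JUDICIAL",
]


def unconfuse_token(tok: str) -> str:
    """Undo look-alike substitutions in one token.

    - an interior digit flanked by letters becomes its look-alike letter
    - a lowercase 'l' becomes 'I' when the token is otherwise upper case
      (in a normal mixed-case word like "Installer" the 'l' is real)
    """
    upper_only = not any(c.islower() and c != "l" for c in tok)
    out = []
    for i, c in enumerate(tok):
        if (c.isdigit() and 0 < i < len(tok) - 1
                and tok[i - 1].isalpha() and tok[i + 1].isalpha()):
            out.append(DIGIT_LOOKALIKES.get(c, c))
        elif c == "l" and upper_only:
            out.append("I")
        else:
            out.append(c)
    return "".join(out)


def normalize_name(path: str) -> tuple[list[str], int]:
    """Return (normalized upper-case tokens, number of characters changed).

    The extension of the last path component is dropped and tokens that are
    pure digits (leading counters like "1", "2") are ignored."""
    parts = path.replace("\\", "/").split("/")
    parts[-1] = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", parts[-1])
    tokens, changed = [], 0
    for tok in re.findall(r"[A-Za-z0-9]+", " ".join(parts)):
        if not any(c.isalpha() for c in tok):
            continue
        fixed = unconfuse_token(tok)
        changed += sum(a != b for a, b in zip(tok, fixed))
        tokens.append(fixed.upper())
    return tokens, changed


def lure_check(path: str, min_coverage: float = 0.75) -> dict:
    """Score a name against the lure phrases after undoing look-alikes.

    A phrase word counts as present when some token matches it with a
    difflib ratio >= 0.8, which tolerates one remaining swap per word
    (e.g. "LABORAI" vs "LABORAL" scores 0.857)."""
    tokens, changed = normalize_name(path)
    best_phrase, best = None, 0.0
    for phrase in LURE_PHRASES:
        words = phrase.split()
        hits = sum(
            any(difflib.SequenceMatcher(None, w, t).ratio() >= 0.8 for t in tokens)
            for w in words
        )
        if hits / len(words) > best:
            best, best_phrase = hits / len(words), phrase
    return {
        "normalized": " ".join(tokens),
        "substitutions": changed,
        "lure": best_phrase,
        "coverage": best,
        "suspicious": changed > 0 and best >= min_coverage,
    }


if __name__ == "__main__":
    for name in [
        "1+N0TlFlCAClON+DEMANDA+LAB0RAI++PR0CES0+JUDlCIAL.zip",  # archive name from the report
        "1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 DEMANDA LAB0RAI.exe",
        "Firefox Installer (2).exe",
        "madHcNet32.dll",
    ]:
        print(lure_check(name))
```

The check deliberately requires both conditions: at least one look-alike substitution and a lure phrase mostly covered. A clean "DEMANDA LABORAL.pdf" from a real law firm has substitutions == 0 and is not flagged by this rule; a name with only digit swaps but no lure vocabulary is not flagged either. Run it on mail-gateway attachment names or on archive member listings before the file reaches the sandbox.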
Behavioral tasks
behavioral1: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 DEMANDA LAB0RAI.exe (resource: win7-20240708-en)
behavioral2: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 DEMANDA LAB0RAI.exe (resource: win10v2004-20241007-en)
behavioral3: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 winrar-x64-701.exe (resource: win7-20240903-en)
behavioral4: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 winrar-x64-701.exe (resource: win10v2004-20241007-en)
behavioral5: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/7z2408-x64 (1).exe (resource: win7-20240729-en)
behavioral6: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/7z2408-x64 (1).exe (resource: win10v2004-20241007-en)
behavioral7: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/ChromeSetup (1).exe (resource: win10v2004-20241007-en)
behavioral8: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/Firefox Installer (2).exe (resource: win7-20241023-en)
behavioral9: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/Firefox Installer (2).exe (resource: win10v2004-20241007-en)
behavioral10: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/OperaSetup (1).exe (resource: win7-20240903-en)
behavioral11: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/OperaSetup (1).exe (resource: win10v2004-20241007-en)
behavioral12: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/madHcNet32.dll (resource: win7-20240903-en)
behavioral13: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/madHcNet32.dll (resource: win10v2004-20241007-en)
behavioral14: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/mvrSettings32.dll (resource: win7-20240903-en)
behavioral15: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/mvrSettings32.dll (resource: win10v2004-20241007-en)
behavioral16: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/unrar.dll (resource: win7-20240903-en)
behavioral17: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/unrar.dll (resource: win10v2004-20241007-en)
Malware Config
Extracted
Family: asyncrat
Version: | CRACKED BY https://t.me/xworm_v2
Botnet: Default
C2: losquenopasan.kozow.com:8000
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: false
- install_folder: %AppData%

Reading the configuration: delay is the number of seconds the client sleeps before it starts. install is false, so the client neither copies itself to install_folder nor registers its own autostart; that path is unused, and any persistence on the host has to come from the dropper rather than from the RAT. The mutex name is fixed at build time and is the cheapest host-side check. The C2 is a hostname on port 8000, so DNS and proxy logs, not a static IP block, are where to look for contact.
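A sweep of host and network telemetry for the indicators above, as an added example (not part of the sandbox report). The C2 host and port, the mutex name and the two SHA256 values are copied from this report; the JSON-lines event shape and every log line are constructed for illustration, and 203.0.113.0/24 is a documentation address range, not a real C2. DNS answers for the C2 name are remembered so that a later connection to the resolved address on port 8000 is caught even when the connection record carries no hostname, which is the normal case for Sysmon and EDR network events.

```python
"""Sweep host and network telemetry for the AsyncRAT indicators extracted in
this report: the C2 host:port, the client mutex and the sample hashes.
Added example, not part of the sandbox report.  The JSON-lines event shape
and every log line below are constructed for illustration."""
import json
from ipaddress import ip_address

# Indicators copied from the report.
C2_HOST = "losquenopasan.kozow.com"
C2_PORT = 8000
MUTEX = "AsyncMutex_6SI8OkPnk"
KNOWN_SHA256 = {
    "009ff5894bb6d647dad69c00dfca4136f22fd094b18ed1692f7a662de2d49ae4",  # the .zip
    "69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699",  # 2 DEMANDA LAB0RAI.exe
}


def norm_host(h: str) -> str:
    """Strip a trailing dot and lower-case, so 'Host.' and 'host' compare equal."""
    return h.rstrip(".").lower()


def sweep(events):
    """Walk telemetry records in time order and return (rule, host, detail) hits.

    Addresses returned for the C2 name are remembered so a later netconn to
    that address on the C2 port is flagged even without a hostname field."""
    c2_ips = set()
    hits = []
    for ev in events:
        kind = ev.get("type")
        if kind == "dns":
            if norm_host(ev["query"]) == C2_HOST:
                hits.append(("dns_query_c2", ev["host"], ev["query"]))
                for a in ev.get("answers", []):
                    try:
                        c2_ips.add(str(ip_address(a)))
                    except ValueError:
                        pass  # CNAME or other non-address answer
        elif kind == "netconn":
            dst_host = ev.get("dst_host")
            by_name = dst_host is not None and norm_host(dst_host) == C2_HOST
            by_ip = ev.get("dst_ip") in c2_ips
            if (by_name or by_ip) and ev.get("dst_port") == C2_PORT:
                hits.append(("netconn_c2", ev["host"], f"{ev.get('dst_ip')}:{ev['dst_port']}"))
        elif kind == "mutex":
            if ev["name"] == MUTEX:
                hits.append(("asyncrat_mutex", ev["host"], ev["image"]))
        elif kind == "file":
            if ev["sha256"].lower() in KNOWN_SHA256:
                hits.append(("known_sample_hash", ev["host"], ev["path"]))
    return hits


def load_events(text: str):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed telemetry (not real logs); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = r"""
{"type":"dns","host":"ws-17","query":"losquenopasan.kozow.com.","answers":["203.0.113.45"]}
{"type":"netconn","host":"ws-17","dst_ip":"203.0.113.45","dst_port":8000}
{"type":"netconn","host":"ws-17","dst_ip":"203.0.113.45","dst_port":443}
{"type":"dns","host":"ws-17","query":"update.example.com","answers":["203.0.113.9"]}
{"type":"mutex","host":"ws-17","name":"AsyncMutex_6SI8OkPnk","image":"C:\\Users\\u\\Downloads\\2 DEMANDA LAB0RAI.exe"}
{"type":"mutex","host":"ws-17","name":"Global\\SomeOtherMutex","image":"C:\\Windows\\System32\\svchost.exe"}
{"type":"file","host":"ws-17","sha256":"69A90665113BD73B30360D87F7F6ED2C789A90A67F3B6E86474E21273A64F699","path":"C:\\Users\\u\\Downloads\\2 DEMANDA LAB0RAI.exe"}
{"type":"file","host":"ws-17","sha256":"0000000000000000000000000000000000000000000000000000000000000000","path":"C:\\Users\\u\\Downloads\\notes.txt"}
"""


def run_demo():
    """Run the sweep over the constructed log and return the hits."""
    return sweep(load_events(SAMPLE_LOG))


if __name__ == "__main__":
    for rule, host, detail in run_demo():
        print(f"{rule:<18} {host}  {detail}")
```

The port check is deliberate because the config pins 8000; if the same infrastructure is reused with other ports, drop the port condition and alert on any connection to the resolved addresses. Hash matching is the weakest rule here, since the report already shows one family behind nine differently hashed files; the mutex and the C2 name survive repacking of the dropper.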
Targets

Of the nine files in the archive, the report classifies only 2 DEMANDA LAB0RAI.exe (AsyncRAT family, SetThreadContext use). The others carry the names of WinRAR, 7-Zip, Chrome, Firefox and Opera installers and of madVR and UnRAR DLLs, and the signatures raised on them below (COM class registration, an Active Setup key, dropping and loading DLLs, enumerating the Uninstall key and connected drives, reading the locale) are also what genuine installers do. Treat them as bulk and decoy material until their hashes have been compared with the vendors' published releases, and do not use them as RAT indicators.

Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 DEMANDA LAB0RAI.exe
Size: 3.1MB
MD5: b841d408448f2a07f308ced1589e7673
SHA1: f5b5095c0ed69d42110df6d39810d12b1fa32a1e
SHA256: 69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699
SHA512: a689734048109ab7bec9491bbb7781686c19c7885166b3ca2975e2f49e956fcc388cd8ca85a4e5a8bf9efe6056f1e0d80197b7f521d4f0d4cadb10ba9ef1fa93
SSDEEP: 49152:pvFg5qg9BtIAHE3SM4ahx6LK2SamuZob+tCjNrv8:Jm5qGBHBLRKuZfkjNrv8
Signatures:
- Asyncrat family
- Suspicious use of SetThreadContext
SetThreadContext is the API used to redirect a suspended thread to injected code, as in process hollowing and thread hijacking. The extracted AsyncRAT configuration belongs to this file.
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/2 winrar-x64-701.exe
Size: 3.7MB
MD5: 3a2f16a044d8f6d2f9443dff6bd1c7d4
SHA1: 48c6c0450af803b72a0caa7d5e3863c3f0240ef1
SHA256: 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6
SHA512: 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6
SSDEEP: 98304:yNdBfKEHyrVcQky3zy1BK1X4Jg+opzZorSeksMURg0l5OOf:ky+GzkezMs1I5oDot8UeEt
Score: 5/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/7z2408-x64 (1).exe
Size: 1.5MB
MD5: 0330d0bd7341a9afe5b6d161b1ff4aa1
SHA1: 86918e72f2e43c9c664c246e62b41452d662fbf3
SHA256: 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
SHA512: 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1
SSDEEP: 24576:UEBmEo1y9fcw5K42KmEDaMYAhr08oSG4OdWrfjcaHSNXJdx7wE9iko6qzLJmYYUP:UEvoo24xV2JJdPwMJ3x75z5q0jc/3
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Loads dropped DLL
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/ChromeSetup (1).exe
Size: 9.7MB
MD5: f108cf203b1b733b72b9719a77c9543e
SHA1: ac0ab58d704e03dcae4143a5dd98e954dfa6db7c
SHA256: 966357c221b85adfca54f4e27934dd578b2e8594d0517cea246792b81842f84b
SHA512: cab0b906279d98582ba860e03164073fe21275cd3b7f39d080a7aa07e7d041ea0199ad53a9106d9577f2437ae2254533aa9e7bea1f3ff041ac6f9ecd3c4f15c8
SSDEEP: 196608:zIC0KQrG/rJP2sX52l/0qPX1UjN4vcLYcp/E4oR94c5tK0UVDuC0wtIFC7Jzbl3:z3bQrcX5a/0qdUjN4vWZp/a9Z540UVDP
Signatures:
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/Firefox Installer (2).exe
Size: 364KB
MD5: 606cdf447699ced43d6a1e13ba6fc99c
SHA1: 6f35f4f73951aa892d049cbea81f0af73621a233
SHA256: 16da8fc3f94ba86b09d53e6a9548b2267c71bde325f3a226128986e70b527d6c
SHA512: 78f744945b8e36950d7234d05191ec79f58217a906f0147a058a0a040354416c6c0a4ae2d3243ad1f33877f3337b16dae244cd9bdb47b2cd2a2051f1f86dc815
SSDEEP: 6144:maVWdyzOxeA1DfdwX3MmIO/MU4AZbfLGdHR8fLaznnWobRlKnz3EfIXnVXL:mMROxdDfOnMmX/MUlbDI8feLWobRlKn5
Signatures: none listed
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/OperaSetup (1).exe
Size: 2.1MB
MD5: e511f2a781ca6fbfb08a830922dcedf2
SHA1: 7b6567645a5c7059e8f7922df61b45e4c4621d5c
SHA256: d3cbfe2cb2970e44a121e55f788307c060dd699fbd6f366577ad05c951778696
SHA512: 753ee0e3e37ce45df92583e9613e04ce4152018706430b6ed71ead7f7a8361fd57ac95edad39ace0afc57ea8e5c46daa122dde7171e8fca837605449c50d0b1d
SSDEEP: 49152:dVAbwHReN1zJi6s9MkjkoCnpjcUl9kFMHDIT0Ku:7A6ReNC6s9pQp9cI9A+IgV
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/madHcNet32.dll
Size: 921KB
MD5: d22b9da713ab36102c9c3d812af8c12d
SHA1: 371fdbf6ae6a9a2e5c0560fc94eba3290028a252
SHA256: 95b538b47e02d0ad2bd15d47efc18695d5e379ef61568b81ef405773d9c199bb
SHA512: e5ae51f79403358af60bb3ea663251badac57414813f5537d763b0b95504a393fb2d34c94c4b7328ec13f58e74a7147d3a72e63e62973c4c5d80671be1c8face
SSDEEP: 24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
Score: 3/10
Signatures: none listed
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/mvrSettings32.dll
Size: 1.0MB
MD5: d168f18b79f9f33690f011d1deb1e7cf
SHA1: cf0d984ce101ec274e65e88fae07daeb26de5a6d
SHA256: b7d3bc460a17e1b43c9ff09786e44ea4033710538bdb539400b55e5b80d0b338
SHA512: bbf085bcbc3c1c98caba95bdf48051bac18bbd1b7314c7bb55b56e3d423fb34758cc239c237091486cc466123bf02844eaac3b4435cb535af25dc2bca625af71
SSDEEP: 12288:1wsE8YWuTCipwKm3ZCdX+y0Cg57ZrVmK5UhYX5NN/u3ZeEb+LJkguVl1Y1e:XIWuFKKVuig5jZ5xX5P2bKyguJf
Score: 3/10
Signatures: none listed
Target: 1 N0TlFlCAClON DEMANDA LAB0RAI PR0CES0 JUDlCIAL/unrar.dll
Size: 304KB
MD5: 51865d714d444e677aa12adc8a399562
SHA1: 25530deaaff17369664eb69a0f1ef0d70ee14f0f
SHA256: b7e2213b88952fec525517007e21273b515e38edd029e2672adc51c2927a0ba5
SHA512: 17b07c7d31fc166dc06e418103b0c9c0a4c67b153347658c279f91b5d36fa92a50c1074f120fd3bedef5ac3bc38f00586401ac68830d052ed35afe80cc70dea8
SSDEEP: 6144:qB6wDaKov/5qrawOZI8uN0f/UVvN3MwdZAmiVQL+O6j:qBNo35qrawqmG/yM86mim+Ou
Score: 3/10
Signatures: none listed
MITRE ATT&CK Enterprise v15 (technique counts across all tasks)
Persistence
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Event Triggered Execution (2): Change Default File Association (1), Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Event Triggered Execution (2): Change Default File Association (1), Component Object Model Hijacking (1)
Defense Evasion
- Modify Registry (4)
- Subvert Trust Controls (1): Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)