General
Target: 8fb2ad76f9758f71a1156843d01cca52.rar
Size: 7KB
Sample: 241030-rp9r5avhnl
MD5: 8fb2ad76f9758f71a1156843d01cca52
SHA1: c9bb2bb9c0404a0dc5a9e0a4684b34567d3bbee3
SHA256: 49bcb8e836ba3123aabf9bac83ad69146333cc4d34ca440e6a4f3b6436dee08f
SHA512: 4f22ab8a3b595398c4700f5feedd31f23672d86149e03d4a77b05c90c89d1b55cbbb803b5fa96f915108ed8ed7d23e7ba21a482150c84367cf7f001bf0a46fe2
SSDEEP: 192:hXQ5WpdkLYKvdtXpxBoepqPgXJuIdvjw81i:dh4DXrpjtdvFA
Static task: static1
Behavioral task: behavioral1
Sample: DOCUMENTO_SISTEMA_REQUERIMIENTO_DIAN_PROCESO_DE_EMBARGO_REVISION_INMEDIATA_ad8098904901470147f818615.vbs
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: DOCUMENTO_SISTEMA_REQUERIMIENTO_DIAN_PROCESO_DE_EMBARGO_REVISION_INMEDIATA_ad8098904901470147f818615.vbs
Resource: win10v2004-20241007-en
Malware Config
Extracted: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
Extracted: asyncrat
| CRACKED BY https://t.me/xworm_v2
zzzzDefaultIT
deadpoolstart2030.duckdns.org:6090
CookieWin
delay: 3
install: false
install_folder: %AppData%
Targets
Target: DOCUMENTO_SISTEMA_REQUERIMIENTO_DIAN_PROCESO_DE_EMBARGO_REVISION_INMEDIATA_ad8098904901470147f818615891658168ca7555f5757728471229_pdf.vbs
Size: 68KB
MD5: 722ef0f62d5f0d96f0f63888e0d8ae39
SHA1: 0afc5ebc973e07bc01682922e5972dbfead09691
SHA256: b2bea3384dc24126675379eb1473946f2927a10d8eff6730bc024716ef0f6864
SHA512: 9e614dbf3ea73992903a5a93884733ce4346e9108a78fba4f0ded8200cfd0fc33a929cebf2a1236163e63e6e33ac0b0daf8af8e881bb125f9cd57986db5454b2
SSDEEP: 1536:bUJW4Wrle/PhG+/kery+bGNccc3gt5pzaUGwm:jS7rgt5pnGwm
Score: 10/10
Asyncrat family
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext