General
Target: 8fb2ad76f9758f71a1156843d01cca52.rar
Size: 7KB
Sample: 241030-rvq7zawaln
MD5: 8fb2ad76f9758f71a1156843d01cca52
SHA1: c9bb2bb9c0404a0dc5a9e0a4684b34567d3bbee3
SHA256: 49bcb8e836ba3123aabf9bac83ad69146333cc4d34ca440e6a4f3b6436dee08f
SHA512: 4f22ab8a3b595398c4700f5feedd31f23672d86149e03d4a77b05c90c89d1b55cbbb803b5fa96f915108ed8ed7d23e7ba21a482150c84367cf7f001bf0a46fe2
SSDEEP: 192:hXQ5WpdkLYKvdtXpxBoepqPgXJuIdvjw81i:dh4DXrpjtdvFA
Static task: static1
Behavioral task: behavioral1
Sample: DOCUMENTO_SISTEMA_REQUERIMIENTO_DIAN_PROCESO_DE_EMBARGO_REVISION_INMEDIATA_ad8098904901470147f818615.vbs
Resource: win10v2004-20241007-en
Malware Config
Extracted
https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
Extracted
asyncrat
| CRACKED BY https://t.me/xworm_v2
zzzzDefaultIT
deadpoolstart2030.duckdns.org:6090
CookieWin
delay: 3
install: false
install_folder: %AppData%
Targets
Target: DOCUMENTO_SISTEMA_REQUERIMIENTO_DIAN_PROCESO_DE_EMBARGO_REVISION_INMEDIATA_ad8098904901470147f818615891658168ca7555f5757728471229_pdf.vbs
Size: 68KB
MD5: 722ef0f62d5f0d96f0f63888e0d8ae39
SHA1: 0afc5ebc973e07bc01682922e5972dbfead09691
SHA256: b2bea3384dc24126675379eb1473946f2927a10d8eff6730bc024716ef0f6864
SHA512: 9e614dbf3ea73992903a5a93884733ce4346e9108a78fba4f0ded8200cfd0fc33a929cebf2a1236163e63e6e33ac0b0daf8af8e881bb125f9cd57986db5454b2
SSDEEP: 1536:bUJW4Wrle/PhG+/kery+bGNccc3gt5pzaUGwm:jS7rgt5pnGwm
- Asyncrat family
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Obfuscated Files or Information (1)
- Command Obfuscation (1)
Discovery
- Browser Information Discovery (1)
- Peripheral Device Discovery (1)
- Query Registry (4)
- Remote System Discovery (1)
- System Information Discovery (4)
- System Location Discovery (1)
- System Language Discovery (1)
- System Network Configuration Discovery (1)
- Internet Connection Discovery (1)