Overview

overview

10

Static

static

1

Notificaci...l .exe

windows7-x64

10

Notificaci...l .exe

windows10-2004-x64

10

Notificaci...c_.dll

windows7-x64

3

Notificaci...c_.dll

windows10-2004-x64

3

Notificaci...m_.dll

windows7-x64

3

Notificaci...m_.dll

windows10-2004-x64

3

Notificaci...t_.dll

windows7-x64

3

Notificaci...t_.dll

windows10-2004-x64

3

Notificaci...20.dll

windows7-x64

3

Notificaci...20.dll

windows10-2004-x64

3

Notificaci...20.dll

windows7-x64

3

Notificaci...20.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    978bba74d1745fba180d88a6fc4179cc52e86b3b9455a9652d30d686ffbd6c60

  • Size

    2.0MB

  • Sample

    241101-vx44dstdnn

  • MD5

    fdbcfdc358f19fcf15fd19726dd0f5ca

  • SHA1

    f8676405cbab15fd8b129d18a30db852d3faac6a

  • SHA256

    978bba74d1745fba180d88a6fc4179cc52e86b3b9455a9652d30d686ffbd6c60

  • SHA512

    574d9f5ab30e076d626e3f52d46f7e20217fa19bed1578c719e3aea3d725a603d479c09ee608a80d8eb16912341b6175a3caa7813fe93b3119d2b7603b26d7ce

  • SSDEEP

    49152:vxh+NscBxJb+hSi8BeKsVZiUWuvJrC7s6a5cQyksLmd:vxANs+xV+or5sTqKryVQyk

Score
10/10
asyncratwarrosediscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

WARrose

C2

proxa.kozow.com:7373

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Notificacion Demanda Laboral 698787/01Demanda laboral .exe

    • Size

      163KB

    • MD5

      0588ce0c39da3283e779c1d5b21d283b

    • SHA1

      1f264a47972d63db2cde18dc8311bc46551380eb

    • SHA256

      d5a6714ab95caa92ef1a712465a44c1827122b971bdb28ffa33221e07651d6f7

    • SHA512

      a5f97ac156d081cb4d9b3f32948eea387725c88af0f19e8bc8db2058a19e211648b7fd86708ff5e1db8f7b57ca3ab8edeba771c9d684c53bcb228ca71adab02a

    • SSDEEP

      3072:yK2FRsfrS8Ywp3GKJ7hDD/vRvDTX8QlevsqYau7j7/EecxurY:x1TSG/XT5Fau7pXk

    Score
    10/10
    asyncratwarrosediscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Notificacion Demanda Laboral 698787/madbasic_.bpl

    • Size

      212KB

    • MD5

      116cc9d5c9ce69449f5db38f539b8240

    • SHA1

      5aa6f69a7c2dab34fb2a9d9e06e59a795a53fd6f

    • SHA256

      b8a5d2bcbfacdb2a1a6d97cc6e8463619023956f759c53e7617d407dab91a460

    • SHA512

      5dda67f9437e3026baa6026de5f80a738054226524daf1b7b1f4f94733e2563016206a93c48cdd0776e3ce8fd91c82bf500c68c1368a3dbc207caabdf915fdac

    • SSDEEP

      6144:PN/k7QxE6qeM/k4qTl5L5e5+53WCG1IEySFhfo:NqeM/k4qR5L5e5+53Wfpzo

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      Notificacion Demanda Laboral 698787/maddisAsm_.bpl

    • Size

      64KB

    • MD5

      11efab4068cb4058207959e2638c2c1a

    • SHA1

      b1eac0879dcda14bdc0c2efd7f261d7c175208c3

    • SHA256

      11e3568f497c40331ee4a9e9973967e61b224e19204e09ed7451da3b74bd2ff5

    • SHA512

      ced6167612674232429c25e52ba051994b09fdaeaf3316505904456ef8d7063f2eb03b5a158f0a424f0ecb49673e6a3d6b57d61183c5f8402da3fe53af0bd185

    • SSDEEP

      1536:eNy3eqMne0sXB0IWtCLwEJhY0w1FwbiD7wlwei7:CqMnfIB04LwEJhY0w1UTnE

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      Notificacion Demanda Laboral 698787/madexcept_.bpl

    • Size

      438KB

    • MD5

      562ec96d0f65b0309ad7508d0e0ced11

    • SHA1

      0fe9dda664f4f8d9ae18603c5a25756710032a6f

    • SHA256

      fb64a5954b726d2d0f0bc26113a36dc8a86c469af994ceeaf2e2609743a0a557

    • SHA512

      876b82534764b2d156ce64d52771d38f245d330957287773f6b2360f48564b8d4a304449fa6f6400052165aaf433a191af2d3b38b194a9b1e892552dc0805fba

    • SSDEEP

      6144:XlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2lZ:XlG4ut30F8slzYlQcW/jd++2nJ6u2lZ

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      Notificacion Demanda Laboral 698787/rtl120.bpl

    • Size

      1.1MB

    • MD5

      e71e48e31ac728a6de7c020645f0c32f

    • SHA1

      7f86eadd1b7a0ab87b7ce7c2029bdef3d6fe1d8d

    • SHA256

      40a1d1a2f276738f568700ddccac99cdcd35b973fc8be86ab826c0d1abc9d6ff

    • SHA512

      5e41dbe7efac8a042a14c2f976d1afcd45e3f7531fb60daab61ac17ffd339d34e1c6746fce9e4b591b026598a89e38f36c6d24e33e2de0b39d81806259f9be2a

    • SSDEEP

      24576:0bhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gbo9:b2hTKgbo9

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      Notificacion Demanda Laboral 698787/vcl120.bpl

    • Size

      1.9MB

    • MD5

      9a438a75e68e88cdabc13074a17f8a52

    • SHA1

      97c94801d37d249ece7ba9aca05703303fd9cf06

    • SHA256

      ccccadde7393f1b624cde32b38274e60bbe65b1769d614d129babdaeef9a6715

    • SHA512

      19d260505972b96c2e5ae0058a29f61e606e276779a80732dbee70f9223dbff51dcb1f5e4eff19206c300ee08e6060987171f5b83ad87fdd8f797e0e2db529fc

    • SSDEEP

      24576:v2gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RPyS9YEPI5yz6W:vRSf0Ww+NpPSyzYY8c8YEPI4+W

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks