General

  • Target

    Orden de Noviembre.com

  • Size

    552KB

  • Sample

    241104-n6e3asskhr

  • MD5

    4940da1a6d964cc9090584fdb9ff306d

  • SHA1

    e5be22aa824effd315eac3704dcc8790b0718dc0

  • SHA256

    d8a9180da33ecaa39821ee77065c78cdf428a2c83afdbfa923e4db651b859961

  • SHA512

    6febe5992c168273500e081967c648cef21b1f0c9cd0b11bfc16c9e1975fb5bae82cffb732a9baf6c5a38bb5adf5be814eb8ab75ce24be080092190c9d72bf91

  • SSDEEP

    12288:ClxHRmQa1wEqTH+nsh1XMav+HaezctT4hZfmg:8HRmcH+meaWFzcts/fF

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:1960

cuit.ydns.eu:1960

Mutex

Ym9duGjX2Yzz

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext
