General

  • Target

    b2470ef00cbbf56c0072669543329384.uue

  • Size

    363KB

  • Sample

    241112-r492fatmey

  • MD5

    b2470ef00cbbf56c0072669543329384

  • SHA1

    eb30f49b94c3fd719748b4c476c84f714db9058d

  • SHA256

    5d781ca196bde78f79fc302ddcf953b698969980fe7317f6db65a6641ff870a1

  • SHA512

    14c4f3cb7a064d2441677e2a4cf5f8f07aeb86f78667aad56a97d1940a6ebdc358296f89df923f311fbee454c5ec2b52357660c019ec086ff871ad33f8d4ecd1

  • SSDEEP

    6144:MizG05LJWMLpbMh1ZzpucqMT6irhwPr0S8Bsq0CXqJ6Z/voUSyCnICd:MirLJxihbzoXMTLqj0S8q9J6Z/vtSHnZ

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

N12

C2

nuevodcsrathjd.duckdns.org:8081

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Demanda No 2024-125421208.exe

    • Size

      363KB

    • MD5

      b6241e5b33792a2e0dd50c64ec3b02cc

    • SHA1

      fb42827ef55f27a81226d8f4d79be7c018646089

    • SHA256

      148806d795bae49568e4f2be94b53f067b6ee1aa67a5ecd9cb9ac21ea60a37f5

    • SHA512

      8cd94183b1696fae1862bfa0c3a254ee9d14f5d101c2a822c1058afe67edb469980b8937227a3da578fb1a968287f59858f6572de8629d91d7d0ab7ebaa70aaa

    • SSDEEP

      3072:rWWe7EIwyZUFSxwpzwr7xZppZsyeKjuOuVk9FB6mIqloS7rOCovd25UvWdITg/tX:AZHewr7TxsxKxFcm3frzovd2eGOgmK

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks