General

  • Target

    c59ed15bd3089985200b63ff1f5bfb688fd47c799aa68c8ff49cdc784bf2a209

  • Size

    2.0MB

  • Sample

    241112-xel6zayepg

  • MD5

    1c3ec4b922f1fcd30997e28da46717ae

  • SHA1

    2b246f80fada21e9cfec16519927f0d5b7d6f8c0

  • SHA256

    c59ed15bd3089985200b63ff1f5bfb688fd47c799aa68c8ff49cdc784bf2a209

  • SHA512

    d16c617432505464c15ada8976079f64d309e77acb273daf1ceaef9943c20be1c4794b5ba40ddb95d2ac977e6eb26ed6f0ad5129215fa9683fb354402b3f9e06

  • SSDEEP

    49152:QCrYT+gtIUhDRFOZfeyxbttqbhy7aeHnd/fZhAe9l23K3sl:JrC/1hvoxbttv7aeDFlAasl

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

WARrose

C2

proxa.kozow.com:7373

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DEMANDA FRAUDE FISCAL 5634564/01 DEMANDA FRAUDE FISCAL 0545465.exe

    • Size

      28KB

    • MD5

      b6f6c3c38568ee26f1ac70411a822405

    • SHA1

      5b94d0adac4df2d7179c378750c4e3417231125f

    • SHA256

      a73454c7fad23a80a3f6540afdb64fc334980a11402569f1986aa39995ae496d

    • SHA512

      5c0a5e9a623a942aff9d58d6e7a23b7d2bba6a4155824aa8bb94dbd069a8c15c00df48f12224622efcd5042b6847c8fb476c43390e9e576c42efc22e3c02a122

    • SSDEEP

      768:+yq82Ud7/zfkn8I+ilpd4TILqIgXYoBCH/3hprl:Zq824LfMV4TqqIgXYoBCH/3hpB

    • AsyncRat

      AsyncRAT is written in C# and is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

    • Target

      DEMANDA FRAUDE FISCAL 5634564/msvcr90.dll

    • Size

      638KB

    • MD5

      11d49148a302de4104ded6a92b78b0ed

    • SHA1

      fd58a091b39ed52611ade20a782ef58ac33012af

    • SHA256

      ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0

    • SHA512

      fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4

    • SSDEEP

      12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe

    Score
    3/10
    • Target

      DEMANDA FRAUDE FISCAL 5634564/python27.dll

    • Size

      2.5MB

    • MD5

      bcb47f9afdc413376cb398a9f10224e0

    • SHA1

      33f14f71b7ad0588290e8b52b14397be1ec5e0c7

    • SHA256

      b978df02dba6ad0494187e4b25d0a41ee889f6ab2d1e778dddc503c4244dcb7d

    • SHA512

      61b04e64987eb63cdacd402f79fc6d703b101036f4bd2e8798c3182b2bd2d47fc379e5a8ecc5417ecbf715986e3e71eb4dde2a4d5bdc6a5ae23fd4fc5dfc1123

    • SSDEEP

      49152:Ed0krhjbVYU9U/ElyrLKlvGBO58GBjd9nYM6JBe4PjnhMsQHNClhIdYTf2O+yX3M:tkrRyylvGB65fNCMghMtHIledkpQa

    Score
    3/10
