asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

PROCESO DEMANDA FRAUDE FISCAL.zip
Size

8.0MB
Sample

241118-ktvqfaspct
MD5

12dd25fd1e2cbb506e505940605d953a
SHA1

34b6599e369869ed18de07604c65584b65ea6627
SHA256

316f169de869e16b0abc875bb3d60fb13b3be8509455ae5ceb65b9e4ccfb348c
SHA512

d5438f88b9a166fad58bf9ad6efd33a7d060541d2706af2040934cf64e320ace8bfe474a14a9dd1a06651a72df9df887fb0dcd8b71b5702e57204dca57d9b77b
SSDEEP

196608:yJHR3wdvZ7Bpe/JfBTVZjus5Doq22pGXBjC:ei7BpyJJZZiQoq2iAjC

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

enviodolares24.duckdns.org:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/1 PROCESO FISCAL.exe
- Size
  
  145KB
- MD5
  
  ba99b11a84a19051eca441320af22f4e
- SHA1
  
  bb3a700fa2676d0223444a81796c7b21aa191ca8
- SHA256
  
  e631bf67c349ce3afc7d5960b0247af9466292bc314ff393dee0716f3a50fd5f
- SHA512
  
  e6e0541c121dc3260d4c48d1d788eff122a947c6ea8cd7da538edf6fd5f46cd37ee96f2c431575e31338ef93a5e21c81c51057734e29eec3814d4cd5100038e9
- SSDEEP
  
  3072:rzB34vWsdjDCaMGhxx+duAobuYqUN8p6ZbPMI5S5SOor:rziE9+Stob/zqp6ZW5SOQ
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/QtCoreVBox4.dll
- Size
  
  2.9MB
- MD5
  
  54248bf77daee7d7c5619d9f285a1a9f
- SHA1
  
  14067d093fd36f5b021e3bd0c1623c5d747705ec
- SHA256
  
  e74616134806b6ebd473f950183ecb6908c3a6312676921176e9aa56e50d21f6
- SHA512
  
  054e246c84e1f337e640ed2c6513ff5ef2f285aabfd5debf5e1f0e5b141a20f6849ce9e8b9462332583a2f092a9d1359fae76f9496e6c844070e283caf4313a3
- SSDEEP
  
  49152:tNjXLRd49Rm2xEcjfMeTNaMJsv6tWKFdu9C5ToLyvL/6mShMZtmjNUVrciV5P+7H:tNRifJsv6tWKFdu9C5Mf
Score

1^/10
behavioral3 behavioral4
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/QtGuiVBox4.dll
- Size
  
  9.4MB
- MD5
  
  e74d017961a50822825aa733c6196efc
- SHA1
  
  4db6e896e19d43927377209b14e4abd928264671
- SHA256
  
  b13e868e0da8d43519b8694074bf70a8b90f9f1c27a89f168766f2fd435721be
- SHA512
  
  5750ff404c2835fb9df0512e1551b20b8f191280d8436fc196605931a40d8ca124a0e5686d9fe3a7b3dbd6cd9d81e13353a4d28d9669f859322ab66fe28cf8cf
- SSDEEP
  
  196608:xgPVEqXZkdKzT+G4VaA/rTOxdaOkjHtm9R+SyREiWI:xgdEqXZkdKzTF4VaA//OWOkjHtm9oSy1
Score

1^/10
behavioral5 behavioral6
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/QtOpenGLVBox4.dll
- Size
  
  865KB
- MD5
  
  4fc7c92babfa0c6c8341a57b63660058
- SHA1
  
  d5aad499f6abcb94bfec8509790fb81375ebefb2
- SHA256
  
  909481124b55b069b2ac196148514522853c849a80d4cbc7136e498dc77f34a1
- SHA512
  
  6602af365d6c7642409d95878e07c2f7054eab76794f51ff10a88388d1e292779cd3cbddea280d43eaa5bdc71661325e2da07020a2b481c32ba330d41e387b46
- SSDEEP
  
  12288:1OBHo6QjTC/14InHWMLF79ZJGHfYBvDoBYH:uSjm/14I5TmlBe
Score

1^/10
behavioral7 behavioral8
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/VBoxOGLhostcrutil.dll
- Size
  
  161KB
- MD5
  
  d01bfdcb832e310af8b74b9613741144
- SHA1
  
  88dcf21940f852e60026f3994b7cd6d4f2246e45
- SHA256
  
  943187c2fb090849721985a6119b3440180f7274bc752326a56f3c7862322bef
- SHA512
  
  ac3b9fb49967736fb1daa4bc9de62a7d4707a7f6c7b20ac20fadcb4a3e6f7e5e0542ad68f766c604f123f2400487043a1c531352846db2e08f808bae31ea9ada
- SSDEEP
  
  3072:6P1/Z1j0qQjlfDmM94CMX7UxdLa5WhKoyCo:6P1/ZpYlf6wdLa5WhKoyr
Score

1^/10
behavioral10 behavioral9
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/VBoxRT.dll
- Size
  
  4.0MB
- MD5
  
  d12a4c5e1196186ef847e3c014737e1e
- SHA1
  
  d3412d987bdbe7df0206c863b8aaf97b3f180b6f
- SHA256
  
  2ae1155c73e5d6aa03ae352d69531db9421c9209c792788e209ebaf9ca3e9325
- SHA512
  
  b10f9b271e17720d9e397f79e0611a50875e631c18833b680dc818abd716b41fd890d20b049c3a7a1005d7e4d95a81ac26e920c32d908116137100dbbfd9480f
- SSDEEP
  
  49152:TsNFpHQVfZqJru0K1kLo7RrObviwkZcrA2P16szn0uyIeOGTrLvQb8WR7D:JVfZq+1kLRGIn0uy7wb8
Score

1^/10
behavioral11 behavioral12
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/msvcp100.dll
- Size
  
  593KB
- MD5
  
  4f096d96285e06cd51aef7d2d3de04da
- SHA1
  
  c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb
- SHA256
  
  5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8
- SHA512
  
  80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c
- SSDEEP
  
  12288:uoBFUsQ1H5FH3YUTd/dfePA7XrNvEKZm+aWodEEGblH6t2:LFUsQ1H5FHdggrNvEKZm+aWodEEIH6t2
Score

1^/10
behavioral13 behavioral14
- Target
  
  PROCESO DEMANDA FRAUDE FISCAL/msvcr100.dll
- Size
  
  809KB
- MD5
  
  df3ca8d16bded6a54977b30e66864d33
- SHA1
  
  b7b9349b33230c5b80886f5c1f0a42848661c883
- SHA256
  
  1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
- SHA512
  
  951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0
- SSDEEP
  
  12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16