asyncrat

General

Target

3NOTIFICACIÓN ELECTRÓNICA CENDO RAMA JUDICIAL DEL PODER PÚBLICO ESM CONFIRMAR RECIBIDO.tar.CAB.tar.001.rar
Size

2.1MB
Sample

241118-mg45fsvdnr
MD5

d7331e0f2805c0e823ac1752f57c3dff
SHA1

906b584f4eacc8e22f7d5fbc3c5d9ef50b0ab850
SHA256

e0109770f45824e51fe40466c79cd5928d9c5573df92473cfdf4ec3394cc1b27
SHA512

256bf4427ad029dac6e0d086cfa8b972ade0e7cc94bd0598dbde368a41678b602a452d1d773e5478e3e6d40383373bcde6b81f3949944b752e1ad55132852ae7
SSDEEP

49152:UUOAGEzYeD6lXJ5knvOuKMai3PhHneoU7h06O9h:TOSzTDAZyvOuKrOwq6wh

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

30 WINS

C2

3010wins.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  NOTIFICACIÓN ELECTRÓNICA CENDO RAMA JUDICIAL DEL PODER PÚBLICO ESM CONFIRMAR RECIBIDO/00030 NotificacionElectronica.exe
- Size
  
  2.2MB
- MD5
  
  d9530ecee42acccfd3871672a511bc9e
- SHA1
  
  89b4d2406f1294bd699ef231a4def5f495f12778
- SHA256
  
  81e04f9a131534acc0e9de08718c062d3d74c80c7f168ec7e699cd4b2bd0f280
- SHA512
  
  d5f048ea995affdf9893ec4c5ac5eb188b6714f5b6712e0b5a316702033421b145b8ee6a62d303eb4576bf8f57273ff35c5d675807563a31157136f79d8a9980
- SSDEEP
  
  49152:rHOut2Bf0ajIM8XEEN6N0rE/I/vqn7krQEQusd5F:VbaMbXbE/I/SnwrQEQusd/
Score

10^/10

asyncrat 30 wins discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  NOTIFICACIÓN ELECTRÓNICA CENDO RAMA JUDICIAL DEL PODER PÚBLICO ESM CONFIRMAR RECIBIDO/d3dx9_43.dll
- Size
  
  1.9MB
- MD5
  
  d87de826ca653d3bfe426337eadc0ee3
- SHA1
  
  6b2b89a1c20912ba848777722e49978443cc4b80
- SHA256
  
  6f0b9e1f52998e21db8b5a07305d93e699e9e766c0d04403f436e2551946701e
- SHA512
  
  06faa842aab3ffe9fab4fc84951bbb38d499a1b0220cd4924571359521069ff2c56e702d640331dbf3b7feb59e67140bbf310f7c983918da8cde299f61432c67
- SSDEEP
  
  24576:QtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBFl:t66l2u45BiNYFrz31Cv3D29kd6kcf
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4