Overview

overview

10

Static

static

3

Oficio 391...ca.exe

windows7-x64

1

Oficio 391...ca.exe

windows10-2004-x64

10

Oficio 391...ng.dll

windows7-x64

1

Oficio 391...ng.dll

windows10-2004-x64

1

Oficio 391...ry.dll

windows7-x64

1

Oficio 391...ry.dll

windows10-2004-x64

1

Oficio 391...nu.dll

windows7-x64

1

Oficio 391...nu.dll

windows10-2004-x64

1

Oficio 391...0u.dll

windows7-x64

1

Oficio 391...0u.dll

windows10-2004-x64

1

Oficio 391...00.dll

windows7-x64

1

Oficio 391...00.dll

windows10-2004-x64

1

Oficio 391...00.dll

windows7-x64

1

Oficio 391...00.dll

windows10-2004-x64

1

Oficio 391...e3.dll

windows7-x64

1

Oficio 391...e3.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562.tar.uue.tar

  • Size

    8.6MB

  • Sample

    241118-mg4hxszkel

  • MD5

    d61cebb5f337851bef3ad33647882f93

  • SHA1

    2ff2c78d9c03a632828abdc69ca7820865af33d8

  • SHA256

    d12a8a14f5ee977e2eea9f2f41d1a611a515e977ae4d5dfe354a6976ff4882bd

  • SHA512

    6bbd236ff5be62276773535417c892f064be32ff73b2d9ae76ab5a037a59b4810af86825d7c76ef42cf38c57be1ace2a6d6467ba06ca4379a5db9b34ee0d7e7d

  • SSDEEP

    98304:ezFcHtyu20g27TTwiMfeEA5KFLOAkGkzdnEVomFHKnPA09kPsUfL:GIty10g2H8kEHFLOyomFHKnPA09kPv

Score
10/10
asyncrat12 noviembrediscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

12 noviembre

C2

12novwins.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/00012 NotificacionElectronica.exe

    • Size

      455KB

    • MD5

      c544a0e2e173c94fa9069c73e7af6367

    • SHA1

      1b8040c145d6cb2af6d1d9c1dc6878d51820e53b

    • SHA256

      9d8547266c90cae7e2f5f5a81af27fb6bc6ade56a798b429cdb6588a89cec874

    • SHA512

      f47694025fad1c67b727c9836d3663fa0f251a46e855e78e4c323beac1d82d13632e10d16e06e0d81718953ed6e06ee5e918195268ba988f3e555b432f1784a7

    • SSDEEP

      3072:JrD9fI1D2oKZrGp4Lczp9+fOZveTHdHZ0Cp2Sb0Q0F:U1D2XGp4LczSOle5Zzp2Wg

    Score
    10/10
    asyncrat12 noviembrediscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/GSLogging.dll

    • Size

      44KB

    • MD5

      a3b858a04592d13335a9e43804f0527a

    • SHA1

      8f0386a0a240676b7cfdfcb2f70888a2033fc84a

    • SHA256

      7d42e121560bc79a2375a15168ac536872399bf80de08e5cc8b3f0240cdc693a

    • SHA512

      26baad23d4ec8c4911bf801bdcb2aa541116da60df8c9aa1c8e31bc0979c87c84e0e3a843544d6be185dded2073cfdb223ccf9a7f3c0725cd37427d39f747848

    • SSDEEP

      768:AyRVi0Nh6ZdsV5mHOkn9Uk2Ek5Txk/ABVvjoeCAGKo7yO/2FkGB:1ZNhAzUA4/1XVO/2FjB

    Score
    1/10
    behavioral3behavioral4

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/MigrationLibrary.dll

    • Size

      107KB

    • MD5

      86d02c85056a2f0540babc63212bb1b6

    • SHA1

      0b622c4943c8cc31cbcdbfec5324d4d7495cc94f

    • SHA256

      ea748caf0ed2aac4008ccb9fd9761993f9583e3bc35783cfa42593e6ba3eb393

    • SHA512

      359476a5d66e97ed21b1f0b2ea80ed6e791ab531a215b1eba8e32ca97258c471a7b74ecfc86f964f31d07e6b8cbfe16dd0b5bacce282ed801a1c59bb605e0367

    • SSDEEP

      1536:2FCb5MQDySAmIfBYkemithpg5E+FrdAAdIDSpQZifWrUYiQxYaBW2OlRbvb:2FE5yrfSmitoGypDIDTQcBW2OlRb

    Score
    1/10
    behavioral5behavioral6

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/mfc100enu.dll

    • Size

      53KB

    • MD5

      5e2f28a979a0ce9b43f1815a593617c5

    • SHA1

      a2414a20ffcfd558a9ef5c10bfd6be96c91d87eb

    • SHA256

      ce0905a140d0f72775ea5895c01910e4a492f39c2e35edce9e9b8886a9821fb1

    • SHA512

      4687af53512eb29ad72c213cbcd27bfd5454c3791a727a8f35808f5fc74c54f2bdfe3267e708433041ed2acd65a8fe59a791a83f497dfc0131c45ee1c7693390

    • SSDEEP

      768:lgIdijcuEhCgysM6B1CLPLNq5f/nWHBNheOU2fd5Lb6Fjpv/z:uI0ifysM6B8PLNYf/nWHNTd16F5L

    Score
    1/10
    behavioral7behavioral8

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/mfc100u.dll

    • Size

      5.3MB

    • MD5

      85ed13922df97474af9979ca456c6748

    • SHA1

      d79cdd200b6543e06d18ed67e44c7bba50de7d85

    • SHA256

      4c33d4179fff5d7aa7e046e878cd80c0146b0b134ae0092ce7547607abc76a49

    • SHA512

      dcf9bb66a621d49d036f418337c2c454c3a3212c3d008c2dfe764b374ffaed1ce7ea3c6fb30f0c30a64ae3b901146fe474427e9bf4931e01e1a5cb5dcf2b5033

    • SSDEEP

      98304:H0g27TTwiMfeEA5KFLOAkGkzdnEVomFHKnPA:H0g2H8kEHFLOyomFHKnPA

    Score
    1/10
    behavioral10behavioral9

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/msvcp100.dll

    • Size

      593KB

    • MD5

      d029339c0f59cf662094eddf8c42b2b5

    • SHA1

      a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

    • SHA256

      934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

    • SHA512

      021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

    • SSDEEP

      12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/

    Score
    1/10
    behavioral11behavioral12

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/msvcr100.dll

    • Size

      809KB

    • MD5

      366fd6f3a451351b5df2d7c4ecf4c73a

    • SHA1

      50db750522b9630757f91b53df377fd4ed4e2d66

    • SHA256

      ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

    • SHA512

      2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

    • SSDEEP

      12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1

    Score
    1/10
    behavioral13behavioral14

    • Target

      Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/sqlite3.dll

    • Size

      723KB

    • MD5

      c66a7d728dda63a285388f4bd7fd35dc

    • SHA1

      859f3e4c140a76a12ff7fda9b384480cc4479b7e

    • SHA256

      eda647ca391f1a46070e6ff493d6e1b6a28320ed6758f9b08bd3474519f1544c

    • SHA512

      e58c5ca8a3275c9d5ba59f04a8c6aabdac6c8adeca162588166da52e90f7cabf5616a0ca8cb2430a6885d36e4cbb16a5d6bb8c5979d86444686f09045d958765

    • SSDEEP

      12288:BEQuQ2u+RQ88mBN18qc7EWQ3IsAmRCaliLyaoeSzjYDqnWXTjFCAM+tAAPOA:BRhfONOpweDDcWXTRCAU

    Score
    1/10
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks