Overview

overview

10

Static

static

3

00254-ENVI...DA.exe

windows7-x64

10

00254-ENVI...DA.exe

windows10-2004-x64

10

00254-ENVI...CI.dll

windows7-x64

3

00254-ENVI...CI.dll

windows10-2004-x64

3

00254-ENVI...fo.htm

windows7-x64

3

00254-ENVI...fo.htm

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f5f242cc25298fe88e7907db93cf65c.001

  • Size

    1.9MB

  • Sample

    241126-3r9exssmdj

  • MD5

    9f5f242cc25298fe88e7907db93cf65c

  • SHA1

    9c5da9dc3c94839f3a2999222afaa954719e98f0

  • SHA256

    7b650f4133b914e5ceda853b85dfc39b4c08e32150fd1ca30db7054169a8f658

  • SHA512

    4061ad490d39e0ed404c09bbe522fde76fae73ac5e91835df7f87cc0f6cddc1f63d368706e2bebbaa97b413bc85f741ec06500f96924adc2a90d1156ebdcf1e7

  • SSDEEP

    49152:SoPI8VfmIfnTjDTh7TtrG7wj9rH0SwNoI8q5bvE4Jb+4:d5+IfTjDT9tS7U9rUSwB8GEab+4

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

perroshp.duckdns.org:3030

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      00254-ENVIO COPIA DE LA NOTIFICACION ELECTRONICA DEMANDA JUZGADO PENAL CIRCUITO RAMA JUDICIAL/0-NOTIFICO DEMANDA.exe

    • Size

      4.6MB

    • MD5

      ae2a273bd3297d0abe74f940f76575a8

    • SHA1

      73a8eaff4cb01bc03826bc90e7bd5f658bf2f5ac

    • SHA256

      1fd92aa46464f8453e33dc7461f80ee7b441f9042e9d0110086226c5f725bd9f

    • SHA512

      233e8d400138a72a2c64dcfcc0212e771c51d49a499e6a607b2b5a6ff4582fef05ebf551380193a5d00f9179e2b431ddc25a7e556a2857704008a4f5d3a2455a

    • SSDEEP

      98304:nXTE4R/w8VGgIW7ZLl3F2xXFHOBe1gORB9O:nXTE4RnQWBl3MgOE

    Score
    10/10
    asyncratdefaultdiscoveryrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      00254-ENVIO COPIA DE LA NOTIFICACION ELECTRONICA DEMANDA JUZGADO PENAL CIRCUITO RAMA JUDICIAL/CI.dll

    • Size

      419KB

    • MD5

      a10ddb8347bc7dba40b7b0b500087926

    • SHA1

      b3fd873f8446b25d869a463198a44389e7e3ac0f

    • SHA256

      9d074df5fb2e1556f8b2b79d280d47fad065fa20ad2dab662552801da90f8338

    • SHA512

      013ee68c49e9dffb861445dca210a2f19f4fc762d0773477770cfbded8ae64f2b0c1b4f0b511450215bdf9d73077af2451e463819eb83bf5d2dc394eefabe761

    • SSDEEP

      12288:valuwmjhN3joZl5Lv0kMUeqqUMsTzi4nT8pXp:BwmjIv0Ttqqk3JT8pXp

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      00254-ENVIO COPIA DE LA NOTIFICACION ELECTRONICA DEMANDA JUZGADO PENAL CIRCUITO RAMA JUDICIAL/info.htm

    • Size

      949B

    • MD5

      6642ecfd9abc4c366908d1107ba2514f

    • SHA1

      3420d1750a40ecbc3764810fd9193e855f33078f

    • SHA256

      89a7d58c875458308f86299b03ac99b73cf4fb7a14dbc43c94b4295f12696a7a

    • SHA512

      d5f469b2313510bba79c840c3dec9dff160bf68f48b12f3aaf107472e0f03435bfb2eaa9962b536e27eb66647304d7760e11ef22868bf129f698edbb057c7dc5

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks