Overview

overview

10

Static

static

3

Documento_...89.rar

windows7-x64

10

Documento_...89.rar

windows10-2004-x64

10

Documento_...89.exe

windows7-x64

10

Documento_...89.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documento_Legal.N°39273822-1289.tar

  • Size

    583KB

  • Sample

    241206-yc3xdatlhv

  • MD5

    e5301d99eb87f0ec6efeb33ca44011f7

  • SHA1

    5e918641f0a8b5d582bb00e31078cebf1deda4db

  • SHA256

    9f234869febc12d41ea9e4520617b01ee96ee00044a285e23c5144568bdf82a5

  • SHA512

    7042365faa9b513e4f8283be7aaa3be198eab7b10f8ad143b886dd069d9bf9170ea60ad70e14287c3d62e90dac15ac96df2658a95beb24f0dc4c816b7968a3f8

  • SSDEEP

    12288:Vkav7xcnBkCLQYGAA/ITF6PMdBC4qJc+QAMt6FU5n+8Lng7TA2ZBXIuFxA:Vp7xcnBkcpxTYPGIFm+Qtqs+8LnOHBrW

Score
10/10
asyncratdicembrinos05discoverypersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Dicembrinos05

C2

Mystudio201.casacam.net:8854

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Documento_Legal.N°39273822-1289.tar

    • Size

      583KB

    • MD5

      e5301d99eb87f0ec6efeb33ca44011f7

    • SHA1

      5e918641f0a8b5d582bb00e31078cebf1deda4db

    • SHA256

      9f234869febc12d41ea9e4520617b01ee96ee00044a285e23c5144568bdf82a5

    • SHA512

      7042365faa9b513e4f8283be7aaa3be198eab7b10f8ad143b886dd069d9bf9170ea60ad70e14287c3d62e90dac15ac96df2658a95beb24f0dc4c816b7968a3f8

    • SSDEEP

      12288:Vkav7xcnBkCLQYGAA/ITF6PMdBC4qJc+QAMt6FU5n+8Lng7TA2ZBXIuFxA:Vp7xcnBkcpxTYPGIFm+Qtqs+8LnOHBrW

    Score
    10/10
    asyncratdicembrinos05discoverypersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Documento_Legal.N°39273822-1289.exe

    • Size

      1.2MB

    • MD5

      70c65845de82550d68a1d51e014d14e7

    • SHA1

      c8dcffc148c080554e084b065ebe96a3e761b228

    • SHA256

      8832b1c7296d3b9779f18c420660f81ca9c4ea3a24f2cd7f11e3522c385fc302

    • SHA512

      b5331b0b76b4a9d5462994cc2f62dd1b0a4e8f7f52998cef40bdbfd1292f44ffc7148ad5a4cf8b9f91a812373721223cf10c74c5c7242b066daccd6ada96f364

    • SSDEEP

      24576:0aHuv6yMFEny7QAJcAGd29MLHAvgapAGiO9fzy9bZr2kb06SEJsLs52BK2XyXDfh:0bvW37QaSd29MLHAvggt9fzy9bZr2kbf

    Score
    10/10
    asyncratdicembrinos05discoverypersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks