General

  • Target

    f55c8a2d68a72960ea15ff454c6b5a4d.rar

  • Size

    941KB

  • Sample

    241210-w1llwsxqgq

  • MD5

    f55c8a2d68a72960ea15ff454c6b5a4d

  • SHA1

    82667d112a6c1190354066465568ff96d46d4158

  • SHA256

    1c83043a3a17ac6a09c516a6bba1453247f7fb7a9aa512e95ed049d4ecfdf96c

  • SHA512

    7ce63dc8dccf975f9014f1100a603ea779735719f517502e4ce9ec71215e32c7d29d1372c52d7801a25654b0c3f07b56004491c3d91e653e247a740310fdce30

  • SSDEEP

    24576:MY4IH2pS9e4XHAuWFOtD6LpCWupXCT/erbdVt:txH2E9eUdWlNnjed

Malware Config

Extracted

Family

latentbot

C2

santiagovenecia7050.zapto.org

Targets

    • Target

      VISUALIZAR FACTURA ELECTRONICA GENERADA; 900436401; SOCIEDAD DE COMERCIALIZACION INTERNACIONAL NATTUAL SAS; FEV; 1289;DOCUMENTO EMITIDIO.exe

    • Size

      956KB

    • MD5

      81111fe6e4e37b4ef5507cd47a3262cb

    • SHA1

      5c2036ac6fc6e1ae89492eb9bb05efef7ca7c6c5

    • SHA256

      6d01f5803ae40a48497dbee43b4fe80818b48df22950208244590091f8cc9eb2

    • SHA512

      58914df9dca6ff14d1654d99a40c3d77fdd9b8366245e749e1eb8b4e7f9dc65c9587788314b9634ef14dc13782ae9571a98a0cbc46b14d09ef2aa4aaef169b7e

    • SSDEEP

      24576:0E57VUKfFNo3ePQiHSmx+hYPnBcpbz4/:0U7mKfFNoAymxcYPBcpn4

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Latentbot family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks