General

  • Target

    URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562.tar.uue.tar

  • Size

    8.6MB

  • Sample

    241219-jegplavnew

  • MD5

    dd9d133f09ddd0a864b843313af08cab

  • SHA1

    b09affaba79f8ddd94863340d7d43b3fae850bbb

  • SHA256

    fdebbf313b6c8bf7a2db3ef7a19425c32ce87c5874b5d62ea65e4c0dacfa175a

  • SHA512

    9729fb43c0bea49b84c90bee8cd227489f07916488d406a0bf71ebaccea488a1b86247da95aec9dff5faade155c0a79d51e510da7d2430cc6fc54c708ece604e

  • SSDEEP

    98304:QzFcHtyue0g27TTwiMfeEA5KFLOAkGkzdnEVomFHKnPAHxkPsqfL:0Ity50g2H8kEHFLOyomFHKnPAHxkPd

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

12 noviembre

C2

12novwins.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      URGENTE Oficio 391 NOTIFICACIÓN ELECTRÓNICA CENDO RAMA RADICADO 153153135 000 6562/00012 NotificacionElectronica.exe

    • Size

      455KB

    • MD5

      c544a0e2e173c94fa9069c73e7af6367

    • SHA1

      1b8040c145d6cb2af6d1d9c1dc6878d51820e53b

    • SHA256

      9d8547266c90cae7e2f5f5a81af27fb6bc6ade56a798b429cdb6588a89cec874

    • SHA512

      f47694025fad1c67b727c9836d3663fa0f251a46e855e78e4c323beac1d82d13632e10d16e06e0d81718953ed6e06ee5e918195268ba988f3e555b432f1784a7

    • SSDEEP

      3072:JrD9fI1D2oKZrGp4Lczp9+fOZveTHdHZ0Cp2Sb0Q0F:U1D2XGp4LczSOle5Zzp2Wg

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks