General

  • Target

    DOCUMENTOS Y ANEXOS DETALLADOS, RADICACION PROCESO LEGAL Y RECAUDO 985327103.rar

  • Size

    948KB

  • Sample

    241226-w4ktrsvkdj

  • MD5

    f0b997dcd5203f2569654aa2c72535a7

  • SHA1

    843179ef25bbce4a110c0199a8e5f9411044f723

  • SHA256

    930a9bf004dee456c3868ce8e56d84be9623af3009fe420d876dce609ca9b44b

  • SHA512

    48c13d594be6373108b69e7fdc04bc2818f7027d62c88a5dae5496b61dd554c5167aa740910bb84f28f41b57c6042b7975724d40eb8a3bd0e0537106731e4e5e

  • SSDEEP

    24576:Gg1U8rkEV3o7+KJLMoR8pZwmgGE/WpLJp5x:GCUvEV3oiSLSgWyWpn5x

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

SERVERRENVER

C2

renver.duckdns.org:6606

Mutex

uuooxuxbnkywum

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DOCUMENTOS Y ANEXOS DETALLADOS, RADICACION PROCESO LEGAL Y RECAUDO 985327103.exe

    • Size

      976KB

    • MD5

      fe8862c6c843258e2fca25c11be452fe

    • SHA1

      8a587209fa105ec082b2ce0ef4d8b018724e1002

    • SHA256

      ac11749de9b58667bfa0a04d1d83ea111fa02a874a2542b26753e0e710c924e0

    • SHA512

      d7f17bd9efbce97c286d2bbb83100f31bbb0d7652fdadc14550f936e5c78bcc5cdadd1671917c9b8efc3b93e44e8c689616a5e42ef5922a55051ec4a15a2d6db

    • SSDEEP

      24576:woyA4mg6wrtUtoJqXufXiwAMUeuUE/2w0V5vMDkG:j8rtHa8X/fw0vs

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext
