General
Target: Microsofd.ps1
Size: 441KB
Sample: 220221-v7zxesafg8
MD5: 9e3b4a2ed171ea1c888d569c7d98b944
SHA1: 9f4b88c179ab1485f94bc13551d33aca4d80e18a
SHA256: fa74335c09c138eab6256c1fbb176aee9a8334aac65cff3bf9b602d9dc9dd554
SHA512: eac8f04457080f2ed89df83a76b3855a3a7864a0c3f85f59f4c2b871660b319028a934936e09c7269b829582dfc396b16031de359fffa911bb73b7fd2e48f028
Static task: static1
Behavioral task: behavioral1
Sample: Microsofd.ps1
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Microsofd.ps1
Resource: win10-en-20211208
Malware Config
Extracted
asyncrat
0.5.7B
{{{{____COINNNNNNBASE___}}}}}
python.blogsyte.com:6606
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Microsofd.ps1
Score: 10/10
Async RAT payload
Suspicious use of SetThreadContext