General
- Target: stuff.ps1
- Size: 188KB
- Sample: 220413-2l9m3afhgl
- MD5: 8254ae9b0d6365640abaf15d2d74a4ab
- SHA1: 072d72634d8ddfe16e8065822797d61e8f2cf6a1
- SHA256: 4c4940488f9f3281b8cf4e88d400d4b18285addc198021cbc7dc990b4ab10aa7
- SHA512: c84f06d269a0abfb5cff67a08b191468d7ba094830c994743e4f759eb6aba4d23de3f7290bd9cc2991ba01eca8c298734fe38397313f751456c111b72986f247
Static task: static1
Behavioral task: behavioral1
- Sample: stuff.ps1
- Resource: win7-20220311-en
Malware Config
Extracted: asyncrat 0.5.7B
1
anderione.com:5252
AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: stuff.ps1
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Drops file in System32 directory
- Suspicious use of SetThreadContext