General
-
Target
mevlbkxshp.ps1
-
Size
119KB
-
Sample
220415-pl6j7acag2
-
MD5
cc55cf5d17726a6137c51fecff65659f
-
SHA1
039339bd25e0a3a6183d1c848007377f939eeb04
-
SHA256
2d97a2fb3bb70289266079670be42efa882a361e922dee6a109884222b3336d6
-
SHA512
8df91c615f07b9b722616a4e43a6869ce701d4eb82be43c2e7eaee43845f5b61e657c918d741d65459b7fe9c96ebde4ff6811398f1e63e57d205e9411bfb905a
Static task
static1
Behavioral task
behavioral1
Sample
mevlbkxshp.ps1
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
mevlbkxshp.ps1
Resource
win10v2004-20220414-en
Malware Config
Extracted
asyncrat
1.0.7
Default
rick63.publicvm.com:5900
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
mevlbkxshp.ps1
-
Size
119KB
-
MD5
cc55cf5d17726a6137c51fecff65659f
-
SHA1
039339bd25e0a3a6183d1c848007377f939eeb04
-
SHA256
2d97a2fb3bb70289266079670be42efa882a361e922dee6a109884222b3336d6
-
SHA512
8df91c615f07b9b722616a4e43a6869ce701d4eb82be43c2e7eaee43845f5b61e657c918d741d65459b7fe9c96ebde4ff6811398f1e63e57d205e9411bfb905a
Score10/10-
Meta Stealer Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
-
Async RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-