General
- Target: 1.ps1
- Size: 188KB
- Sample: 220425-xd5a6ahbel
- MD5: bf0828394ed5062ac6d092724abbc38e
- SHA1: 94f0b01132fc768bdd8158cb3aa4ede1e73cbc1e
- SHA256: d0194d0b1da16bc51698d9d246f6c99ad71c2da1a3da4c06d99969749382326c
- SHA512: 974d4cfbe54d4f38421d0b63ee3a199180952f4075568dae72a5d8f75cda86684e9f1408b22b2aee322290b25c32c7d9092ac58aed24707ccf162e09952423b0

Static task: static1
Behavioral task: behavioral1
- Sample: 1.ps1
- Resource: win7-20220414-en

Malware Config
Extracted: asyncrat 0.5.7B
- 2
- C2: anderione.com:5253
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%

Targets
- Target: 1.ps1
- Size: 188KB
- MD5: bf0828394ed5062ac6d092724abbc38e
- SHA1: 94f0b01132fc768bdd8158cb3aa4ede1e73cbc1e
- SHA256: d0194d0b1da16bc51698d9d246f6c99ad71c2da1a3da4c06d99969749382326c
- SHA512: 974d4cfbe54d4f38421d0b63ee3a199180952f4075568dae72a5d8f75cda86684e9f1408b22b2aee322290b25c32c7d9092ac58aed24707ccf162e09952423b0

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
- Drops file in System32 directory
- Suspicious use of SetThreadContext