Overview
Score: 10/10
Static

Target                 Platform        Score
ISO/Binnot.bat         windows10_x64   1/10
ISO/Binnot.ps1         windows10_x64   1/10
ISO/Binnot.vbs         windows10_x64   3/10
ISO/Unlimited.bat      windows10_x64   1/10
ISO/Unlimited.ps1      windows10_x64   10/10
ISO/Unlimited.vbs      windows10_x64   3/10
Unlimited/...ot.ps1    windows10_x64   1/10
Unlimited/...ot.vbs    windows10_x64   3/10
Unlimited/...ed.bat    windows10_x64   1/10
Unlimited/...ed.ps1    windows10_x64   10/10
Unlimited/...ed.vbs    windows10_x64   3/10

General
Target: Unlimited.7z
Size: 157KB
Sample: 220531-3jz7aaddd4
MD5: 89977aada65459ed24de995af822b2e7
SHA1: 29d9396b4dfcec849e65d75b88369c8d757777fc
SHA256: 6ce7ce1af52e51f8b00c5909ecf7d3bab9d43a7502bde1445614d0b34b8baab4
SHA512: 04fcff8e923bfedaed7351480b9167b97e8830d349666098c65f7dcff0d86ed8b7f8451dc813b1857116ee504d96d84e091474ec2f6424951450d664b442fa4f
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: ISO/Binnot.bat, win10-20220414-en
behavioral2: ISO/Binnot.ps1, win10-20220414-en
behavioral3: ISO/Binnot.vbs, win10-20220414-en
behavioral4: ISO/Unlimited.bat, win10-20220414-en
behavioral5: ISO/Unlimited.ps1, win10-20220414-en
behavioral6: ISO/Unlimited.vbs, win10-20220414-en
behavioral7: Unlimited/ISO/Binnot.ps1, win10-20220414-en
behavioral8: Unlimited/ISO/Binnot.vbs, win10-20220414-en
behavioral9: Unlimited/ISO/Unlimited.bat, win10-20220414-en
behavioral10: Unlimited/ISO/Unlimited.ps1, win10-20220414-en
behavioral11: Unlimited/ISO/Unlimited.vbs, win10-20220414-en
Malware Config

Extracted
Family: asyncrat
3LOSH RAT
Random
C2: mekhocairos.linkpc.net:6666
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: false
- install_folder: %AppData%
Targets

Target: ISO/Binnot.bat
Size: 96B
MD5: f1d747a7825a5db756d428a5254d244e
SHA1: 7db56fe57492bd856c787cd2a836eff4f2ce5e01
SHA256: 5863b76caee43b2f1efdd2322f2e5731b1537d1deeb35e860cd75a8304fe4ddf
SHA512: 4b1f63df96b8f9e2a381855974b2efab5bd48ae342b1e29a51661d0514ba6f8e62d23e3e58a9a9f978d39880ab03a9b9bf72ab52a546a965da20daa18c4d246d
Score: 1/10

Target: ISO/Binnot.ps1
Size: 781B
MD5: 58ef18971b1520648e0c6d67036251ff
SHA1: 68bd1ee657ff233f6a1ee453914aaecdeb845284
SHA256: 226b14799e579e28954937fa3ffdb7d0e5dcd10360b35c329a7246a23be4b4b3
SHA512: 9b7f04aca4b3e2af5aafdc9ea30c1722722d668078bea8b0aaa2394d0cb50ac75716fb9173d4084bd5a9cfaa279bd94404b64c140532daa5b3bdd66842f332d2
Score: 1/10

Target: ISO/Binnot.vbs
Size: 161B
MD5: 7b0e58ca3cd90265cfad552b57b52726
SHA1: 732d67419df7ae6ab6512e697f7cdfd72aad4f15
SHA256: f6f353790e3f1f92ac7be5bc0f03a334e199cbbd53392e9eb8079f9b8495cc6f
SHA512: 9f4853237c88f2045bdacc616360f67abadfec21547a3413f0e72491e0c9d896030a3091e3bf5453f0b787c6dfcaea51c4eaa3e15a1ab982b7e3d5159172c0ba
Score: 3/10

Target: ISO/Unlimited.bat
Size: 99B
MD5: eff64d56c40c54a1f9891d7a6ad54899
SHA1: dbaf9a4aeb8484690d6118155d59158598f0799a
SHA256: c846b192c5dc974c6d63024a06d4c31b2f7c8baa61af133e5b00009b68df86e2
SHA512: c89f82c7807b947e10f82740c01d5cb996e95c4a6e79375eee6b981d0ed911d31537e964d0cefef874c7e12f9f4baf237f0f9ed44de866abd3c8030a25b7cc83
Score: 1/10

Target: ISO/Unlimited.ps1
Size: 251KB
MD5: 6657fc9e8926638f42aae4b566b50bbe
SHA1: d0d24bf6e78abcff97a912edf8c9412d722901dd
SHA256: b55341d158e0c269cc666df13a45174044159d5582d299c93c3e642fdeae32bf
SHA512: cb337bc9d3334b97866e1e94d1de846007ff1a80b4ebe4ea3794449b663515794a7243e16355e85cd6c59e7da13d70fe60b82bfe33db443980b8840c335c5f77
Signatures:
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Suspicious use of SetThreadContext

Target: ISO/Unlimited.vbs
Size: 165B
MD5: b1b2e3fb678ad030e95ff623fe80d979
SHA1: cf00dc8fb35e255fee951b6baf08fd44e1e5b5fc
SHA256: 19a88a8c19ad3f6dde00c79954d9822f1197bb0c73a4c166470fd44de4c89f33
SHA512: 15d4670d547cf6556198fffd4c2ce7a614c948d7aa1361ad80187fe5abf163c9ef61e0c5693d145dce3194bbfae5f0734b3827feee7c0418c19e88f2d87aae62
Score: 3/10

Target: Unlimited/ISO/Binnot.ps1
Size: 781B
MD5: 58ef18971b1520648e0c6d67036251ff
SHA1: 68bd1ee657ff233f6a1ee453914aaecdeb845284
SHA256: 226b14799e579e28954937fa3ffdb7d0e5dcd10360b35c329a7246a23be4b4b3
SHA512: 9b7f04aca4b3e2af5aafdc9ea30c1722722d668078bea8b0aaa2394d0cb50ac75716fb9173d4084bd5a9cfaa279bd94404b64c140532daa5b3bdd66842f332d2
Score: 1/10

Target: Unlimited/ISO/Binnot.vbs
Size: 161B
MD5: 7b0e58ca3cd90265cfad552b57b52726
SHA1: 732d67419df7ae6ab6512e697f7cdfd72aad4f15
SHA256: f6f353790e3f1f92ac7be5bc0f03a334e199cbbd53392e9eb8079f9b8495cc6f
SHA512: 9f4853237c88f2045bdacc616360f67abadfec21547a3413f0e72491e0c9d896030a3091e3bf5453f0b787c6dfcaea51c4eaa3e15a1ab982b7e3d5159172c0ba
Score: 3/10

Target: Unlimited/ISO/Unlimited.bat
Size: 99B
MD5: eff64d56c40c54a1f9891d7a6ad54899
SHA1: dbaf9a4aeb8484690d6118155d59158598f0799a
SHA256: c846b192c5dc974c6d63024a06d4c31b2f7c8baa61af133e5b00009b68df86e2
SHA512: c89f82c7807b947e10f82740c01d5cb996e95c4a6e79375eee6b981d0ed911d31537e964d0cefef874c7e12f9f4baf237f0f9ed44de866abd3c8030a25b7cc83
Score: 1/10

Target: Unlimited/ISO/Unlimited.ps1
Size: 251KB
MD5: 6657fc9e8926638f42aae4b566b50bbe
SHA1: d0d24bf6e78abcff97a912edf8c9412d722901dd
SHA256: b55341d158e0c269cc666df13a45174044159d5582d299c93c3e642fdeae32bf
SHA512: cb337bc9d3334b97866e1e94d1de846007ff1a80b4ebe4ea3794449b663515794a7243e16355e85cd6c59e7da13d70fe60b82bfe33db443980b8840c335c5f77
Signatures:
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Suspicious use of SetThreadContext

Target: Unlimited/ISO/Unlimited.vbs
Size: 165B
MD5: b1b2e3fb678ad030e95ff623fe80d979
SHA1: cf00dc8fb35e255fee951b6baf08fd44e1e5b5fc
SHA256: 19a88a8c19ad3f6dde00c79954d9822f1197bb0c73a4c166470fd44de4c89f33
SHA512: 15d4670d547cf6556198fffd4c2ce7a614c948d7aa1361ad80187fe5abf163c9ef61e0c5693d145dce3194bbfae5f0734b3827feee7c0418c19e88f2d87aae62
Score: 3/10