General
-
Target
Unlimited.ps1
-
Size
241KB
-
Sample
220701-fkdy4sefe9
-
MD5
e9dd6ae79fddbcabe2aa76e8fddd0244
-
SHA1
7ba6c74d36634c6b673ecd05d69a22038e171c6f
-
SHA256
5227ed40f5ee2c8d976365582e7550bf43e1cedaca4ffdbf3f6993d78826ac47
-
SHA512
bbffbc363bbd1b97a21b8651f39998de6e7c9c8212e0a8c8ef4e9990b1af18a9b78e835bc2b41f87c5993e82e407d44f09009a6f6cb634d8dec06c9fa0b46244
Static task
static1
Behavioral task
behavioral1
Sample
Unlimited.ps1
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
$$$$
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
DesbravadorUpdata.exe
-
install_folder
%AppData%
Targets
-
Async RAT payload
-
Suspicious use of SetThreadContext
-