General
Target: update.ps1
Size: 376KB
Sample: 220705-pxa8eshcdp
MD5: 77f36fa17a3be2cce1b5211ce3f00c9d
SHA1: bf73e8773a0e2da68815d092dc53c89572117fb8
SHA256: 1670572dbb748d82d05e91298564847dbda33749d8721537601457194abd7569
SHA512: f77a3a3c9711543cb3a833bdba4916bbdcd20fa82a8488ffaddadf6d5b0d03b31b9fdac7c7651708ba787c7bf15d9f03c52f913d1f7e6f65b75a27100ccaf74f
Static task: static1
Behavioral task: behavioral1
Sample: update.ps1
Resource: win7-20220414-en
Malware Config
Extracted: asyncrat
3LOSH RAT
#_AVAST_#
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: DesbravadorUpdata.exe
install_folder: %AppData%
Targets
Target: update.ps1
Async RAT payload
Suspicious use of SetThreadContext