General

Target: 0eaee4c07ea1b88a8e5d044006b42d41.hta
Size: 1KB
Sample: 220706-ctklgahfa2
MD5: 0eaee4c07ea1b88a8e5d044006b42d41
SHA1: 62fe6a825728c186335fc2a24f24f0608519cdff
SHA256: 2693749e9e3f7c99543e3e622a335a9db30dc604808f06e3a51f20c33bac8af2
SHA512: 61ea582878866c4a5ac0cff1cfa4a8e59731396a25df430382bee11eedd4c0d942c81fc8c0d375027f45106e1dcff14910ce63e9a2c5b85451b0bd68e7a1311f

Static task: static1
Behavioral task: behavioral1
Sample: 0eaee4c07ea1b88a8e5d044006b42d41.hta
Resource: win7-20220414-en
Malware Config

Extracted: https://unimed-corporated.com/updata.jpg

Extracted: asyncrat
3LOSH RAT
#_AVAST_#

C2 hosts and ports (the config lists every combination of the 4 hostnames and 13 ports below):
cdtpitbull.hopto.org:7707
cdtpitbull.hopto.org:4404
cdtpitbull.hopto.org:5505
cdtpitbull.hopto.org:3303
cdtpitbull.hopto.org:2222
cdtpitbull.hopto.org:6606
cdtpitbull.hopto.org:8808
cdtpitbull.hopto.org:5155
cdtpitbull.hopto.org:5122
cdtpitbull.hopto.org:8001
cdtpitbull.hopto.org:9000
cdtpitbull.hopto.org:9999
cdtpitbull.hopto.org:8888
chromedata.accesscam.org:7707
chromedata.accesscam.org:4404
chromedata.accesscam.org:5505
chromedata.accesscam.org:3303
chromedata.accesscam.org:2222
chromedata.accesscam.org:6606
chromedata.accesscam.org:8808
chromedata.accesscam.org:5155
chromedata.accesscam.org:5122
chromedata.accesscam.org:8001
chromedata.accesscam.org:9000
chromedata.accesscam.org:9999
chromedata.accesscam.org:8888
datacontrol.ddns.net:7707
datacontrol.ddns.net:4404
datacontrol.ddns.net:5505
datacontrol.ddns.net:3303
datacontrol.ddns.net:2222
datacontrol.ddns.net:6606
datacontrol.ddns.net:8808
datacontrol.ddns.net:5155
datacontrol.ddns.net:5122
datacontrol.ddns.net:8001
datacontrol.ddns.net:9000
datacontrol.ddns.net:9999
datacontrol.ddns.net:8888
cdt2023.ddns.net:7707
cdt2023.ddns.net:4404
cdt2023.ddns.net:5505
cdt2023.ddns.net:3303
cdt2023.ddns.net:2222
cdt2023.ddns.net:6606
cdt2023.ddns.net:8808
cdt2023.ddns.net:5155
cdt2023.ddns.net:5122
cdt2023.ddns.net:8001
cdt2023.ddns.net:9000
cdt2023.ddns.net:9999
cdt2023.ddns.net:8888
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: DesbravadorUpdata.exe
install_folder: %AppData%

Note that install is false: install_file and install_folder are still present in the config, but in stock AsyncRAT the install flag is what triggers the copy to %AppData%\DesbravadorUpdata.exe and the persistence setup, so this build does not install itself. The file name is still worth hunting for, since a later build from the same operator can enable it.
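As an added example (not part of the sandbox report or of any tool it references), the extracted config above turned into hunting logic: the script rebuilds the 52 host/port pairs from the 4 hostnames and 13 ports, classifies DNS queries and outbound connections against them, treats the free dynamic-DNS parent zones as a weaker secondary signal, and runs the checks over a few constructed log lines. The indicator values are copied from the report; the log formats and the sample log lines are assumptions made for illustration.

```python
"""Hunting helpers built from the AsyncRAT config extracted above.

Added example (not part of the sandbox report). The host, port, mutex and
stager-URL values are copied from the report; the log formats and the sample
log lines are constructed for illustration only.
"""
from __future__ import annotations

import re
from itertools import product

# --- IOCs copied from the extracted config above ---------------------------
C2_HOSTS = (
    "cdtpitbull.hopto.org",
    "chromedata.accesscam.org",
    "datacontrol.ddns.net",
    "cdt2023.ddns.net",
)
C2_PORTS = (7707, 4404, 5505, 3303, 2222, 6606, 8808,
            5155, 5122, 8001, 9000, 9999, 8888)
# The report lists every host/port combination (4 x 13 = 52 entries), so the
# same set is rebuilt here as (host, port) tuples.
C2_ENDPOINTS = set(product(C2_HOSTS, C2_PORTS))
STAGER_HOST = "unimed-corporated.com"   # host part of the extracted URL
MUTEX = "AsyncMutex_6SI8OkPnk"
# All four C2 names live under free dynamic-DNS zones. A hit on the zone alone
# is a weak signal, so it is reported separately from an exact host match.
DDNS_ZONES = ("hopto.org", "accesscam.org", "ddns.net")


def classify_dns(qname: str) -> str | None:
    """Label a queried name: C2 host, stager host, or only a dynamic-DNS zone."""
    q = qname.rstrip(".").lower()
    if q in C2_HOSTS:
        return "c2_host"
    if q == STAGER_HOST:
        return "stager_host"
    if any(q == z or q.endswith("." + z) for z in DDNS_ZONES):
        return "ddns_zone"
    return None


def classify_connection(host: str, port: int) -> str | None:
    """Label an outbound connection against the extracted host/port list."""
    h = host.rstrip(".").lower()
    if (h, port) in C2_ENDPOINTS:
        return "c2_endpoint"
    if h in C2_HOSTS:
        # Same C2 name on a port not in the config: still worth a look, since
        # the operator can rebuild the payload with new ports at any time.
        return "c2_host_unlisted_port"
    return None


# Constructed log formats (assumption: "<ts> <sensor> query <type> <name>" for
# DNS and "<ts> <sensor> <src-ip> -> <host>:<port> tcp" for connections).
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query \S+ (?P<qname>\S+)$")
CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) \S+ -> (?P<host>[^:\s]+):(?P<port>\d+) tcp$")


def hunt(dns_lines, conn_lines) -> list[tuple[str, str, str]]:
    """Return (sensor, verdict, indicator) for every log line that matches."""
    hits = []
    for line in dns_lines:
        m = DNS_RE.match(line)
        if m and (verdict := classify_dns(m["qname"])):
            hits.append((m["src"], verdict, m["qname"]))
    for line in conn_lines:
        m = CONN_RE.match(line)
        if m and (verdict := classify_connection(m["host"], int(m["port"]))):
            hits.append((m["src"], verdict, f"{m['host']}:{m['port']}"))
    return hits


# Constructed sample logs; only the indicator values come from the report.
SAMPLE_DNS_LOG = [
    "2022-07-06T12:01:03Z ws01 query A cdtpitbull.hopto.org",
    "2022-07-06T12:01:05Z ws01 query A unimed-corporated.com",
    "2022-07-06T12:01:09Z ws02 query A www.example.org",
    "2022-07-06T12:02:11Z ws03 query A other-host.ddns.net",
]
SAMPLE_CONN_LOG = [
    "2022-07-06T12:01:04Z ws01 10.0.0.5 -> cdtpitbull.hopto.org:7707 tcp",
    "2022-07-06T12:01:30Z ws01 10.0.0.5 -> chromedata.accesscam.org:443 tcp",
    "2022-07-06T12:03:00Z ws02 10.0.0.6 -> www.example.org:443 tcp",
]

if __name__ == "__main__":
    for sensor, verdict, indicator in hunt(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print(f"{sensor:6} {verdict:24} {indicator}")
```

Running it against real DNS or proxy logs only needs the two regexes adjusted to the local log format; the classification functions take bare hostnames and ports. The ddns_zone verdict is deliberately kept separate from c2_host because hopto.org, accesscam.org and ddns.net are shared free zones, and blocking or alerting on the whole zone is a policy decision rather than an IOC match.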
Targets

Target: 0eaee4c07ea1b88a8e5d044006b42d41.hta
Size: 1KB
MD5: 0eaee4c07ea1b88a8e5d044006b42d41
SHA1: 62fe6a825728c186335fc2a24f24f0608519cdff
SHA256: 2693749e9e3f7c99543e3e622a335a9db30dc604808f06e3a51f20c33bac8af2
SHA512: 61ea582878866c4a5ac0cff1cfa4a8e59731396a25df430382bee11eedd4c0d942c81fc8c0d375027f45106e1dcff14910ce63e9a2c5b85451b0bd68e7a1311f
Signatures
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry (the standard location is HKCU\Control Panel\International\Geo\Nation), likely a geofence.
- Suspicious use of SetThreadContext: the call is typically used when a process writes a payload into a suspended child and redirects its main thread to it (process hollowing or similar injection).