General

Target: A.ps1
Size: 341KB
Sample: 220706-tktlfsggf5
MD5: bab2e1ffac6380d3cf78dab6a518043c
SHA1: 3b1316722ecfcac5e091df43926c5556e56b2484
SHA256: dc06a80957d67f15f51dac150d3cd1a2aeb46851c9783550048eb68092f13f90
SHA512: a32843fde56f5f6e57427d3861f63f037cd2bad47b529029ef443a6abdc82934654971134ef8da37918a0fb9487848d7a4aeff9f7cf2bbf0b9b4eafb0feee85a

Behavioral task: behavioral1
Sample: A.ps1
Resource: win7-20220414-en

Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: EID
C2: 4dod.ddns.net:6666
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: false
- install_folder: %AppData%
Targets

Target: A.ps1 (size and hashes as listed under General above)

Signatures:
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Suspicious use of SetThreadContext