General

Target: RR807010335LL.bat
Size: 8KB
Sample: 220918-waf9gsfdhm
MD5: ac349bc7579eea3d10b3ca44cad8a3bb
SHA1: cecbc870f429664b51d246a189892bbb8d8fc3b7
SHA256: 19cdcf460fdca1e5935eb3ba7f428172007bfe5c23c4a95aec10e1f40786d472
SHA512: 2232d3716d918775a50df02a3211863a889516e4212292bf7deb82dfdee2a883336d199e52e3586a230b3db449cf2c3944691878314c4cd75ef46c111c6660d2
SSDEEP: 192:lSJcJlJTJCJrJlJjJmJlJzJp9JDJCJmJjczJNJrJ5YNJBJNDJ8JZZE/:YJcJlJTJCJrJlJjJmJlJzJp9JDJCJmJz
Static task: static1
Behavioral task: behavioral1
  Sample: RR807010335LL.bat
  Resource: win7-20220812-en
Malware Config

Extracted family: asyncrat
Version: 3LOSH RAT
Botnet: Default
C2: superfaster1.is-found.org:5020
Mutex: AsyncMutex_ziad
delay: 3
install: false
install_folder: %AppData%
Targets

Target: RR807010335LL.bat
Size: 8KB
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
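As an added example (not Triage tooling and not code from the sample), the following Python turns the indicators in this report into checks a responder can run: the file hashes from the General section against bytes on disk, the C2 host and port from the extracted asyncrat config against proxy/DNS log lines, and the mutex name against a handle listing. The log lines, handle paths and byte strings it is fed are constructed for the demo; only the hashes, host, port and mutex name come from the report.

```python
"""Indicator matcher built from the values in this report.

Added example: this is not Triage tooling and not code from the sample.
The C2 host:port, mutex name and hashes are copied from the report; the
log lines, handle paths and byte strings fed to it below are constructed.
"""
import hashlib
import re

# Indicators from the extracted asyncrat config and the General section.
C2_HOST = "superfaster1.is-found.org"
C2_PORT = 5020
MUTEX = "AsyncMutex_ziad"
REPORT_HASHES = {
    "md5": "ac349bc7579eea3d10b3ca44cad8a3bb",
    "sha1": "cecbc870f429664b51d246a189892bbb8d8fc3b7",
    "sha256": "19cdcf460fdca1e5935eb3ba7f428172007bfe5c23c4a95aec10e1f40786d472",
}

# Hostname followed by ":" or whitespace and a port number (case-insensitive,
# since DNS names are).
_HOST_PORT_RE = re.compile(re.escape(C2_HOST) + r"[\s:]+(\d{1,5})\b", re.IGNORECASE)


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests of data, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_matches(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of the algorithms whose digest of data equals the expected value."""
    got = digests(data)
    return [algo for algo, value in expected.items() if got.get(algo) == value.lower()]


def c2_verdict(line: str) -> str:
    """Classify one proxy/DNS/firewall log line against the C2 indicator.

    'c2'   - hostname and the configured port both present
    'host' - hostname present without that port (DNS lookup, other port)
    ''     - no reference to the hostname
    """
    if C2_HOST not in line.lower():
        return ""
    m = _HOST_PORT_RE.search(line)
    if m and int(m.group(1)) == C2_PORT:
        return "c2"
    return "host"


def mutex_hits(handle_paths: list) -> list:
    """Object paths from a handle listing whose final component is the RAT mutex.

    Names are compared exactly: Windows object names are case-sensitive.
    """
    return [p for p in handle_paths if p.rsplit("\\", 1)[-1] == MUTEX]


if __name__ == "__main__":
    # Constructed inputs, not captured from the sandbox run.
    log_lines = [
        "2022-09-18T12:00:01Z dns query A superfaster1.is-found.org client=10.0.0.7",
        "2022-09-18T12:00:02Z proxy CONNECT superfaster1.is-found.org:5020 client=10.0.0.7",
        "2022-09-18T12:00:03Z proxy CONNECT example.org:443 client=10.0.0.7",
    ]
    handles = [
        r"\Sessions\1\BaseNamedObjects\AsyncMutex_ziad",
        r"\Sessions\1\BaseNamedObjects\SM0:1234:304:WilStaging_02",
    ]
    for line in log_lines:
        print(c2_verdict(line) or "-", line)
    print("mutex:", mutex_hits(handles))
    print("hash hits on constructed bytes:", hash_matches(b"not the sample"))
```

A 'host' verdict is kept separate from 'c2' on purpose: a DNS query for the C2 name already shows the config was reached, while a connection on port 5020 confirms the configured channel was used. The hash check is exact and will not catch a re-packed build; the mutex and C2 name survive repacking of the same config and are the more durable indicators here.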