General
- Target: Statement-N-2565325.bat
- Size: 61KB
- Sample: 220921-q6pmvagdf6
- MD5: ab6cc2b98ec1b429d13a402f543433bd
- SHA1: 9b5f9efdfc21ff4a383444a12776a5b587a1c691
- SHA256: e960b61bb463dcd9b5b931fefdb5098311187e1a67543b682785c968a7f59567
- SHA512: ff3e35922fa4c8b8c311e087a912a15d84f99aa0615371e31fcf567d7d3c0a1e621afba96f53d8aa6432de349a4bcfaac233b061aaf829c63aff4da896f08d70
- SSDEEP: 96:Q2I202I2b2u202I2r202c2dGR7F2G2T2922gv2W2k2lQ2D2WX2J212J2JGR7Wgvd:aguQ2hW2Dgvd
Static task: static1
Behavioral task: behavioral1
Sample: Statement-N-2565325.bat
Resource: win7-20220812-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
mAx
ceda7x.vip:6666
AsyncMutex_ff
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: Statement-N-2565325.bat
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext