General
Target: Bill-ID0574.bat
Size: 658KB
Sample: 220923-ymjaqabcap
MD5: cf5a56fd49fe38a0cb1addfd6943513b
SHA1: a55f86ae35746befb2d20b2572dbda734a8420e8
SHA256: 967732005fae1af8d9aafa76ca12dac96bdfe52e79e7985e0d963511092dbeb9
SHA512: 170f977cb9bb8c20a282f42ffb14c3b529121ad24b4ad798637a2e6388966068617a83602f0f69c79c7ce222b236bce121628adcf840f2a7e25095d6b2800613
SSDEEP: 192:CSPrQNPXMPLi1ouqn11jSwXqtj2enRwX+:3N+qu
Static task: static1
Behavioral task: behavioral1
Sample: Bill-ID0574.bat
Resource: win7-20220812-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
Default
195.178.120.137:6071
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Bill-ID0574.bat
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext