General
-
Target
Statement-N-35623.bat
-
Size
43KB
-
Sample
220926-ldj5fabdhr
-
MD5
50de2769b835028fad19de34f3c92224
-
SHA1
7b433c1368e401c76bb25be5c21f9e298c71d7cf
-
SHA256
d9fd38107d699b06e803bc1e6a07d6c920474fe7d93a1b61a2ff5f23992d3fbc
-
SHA512
04ea1509cb9bf9752cbd0ac87eb6feaef3c13490e860a1ea535bba585080742625d11fbfb86f0bad8ba2b8daf310472c1394c92c92203005c98f902a9ba1625f
-
SSDEEP
96:rhshDhRhghphDhph9GhDhxhDhxhohUh1wDh7hhhVoMqh8ghGkhKhewto:QIoh+o
Static task
static1
Behavioral task
behavioral1
Sample
Statement-N-35623.bat
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
mAx
ceda7x.vip:6666
AsyncMutex_ff
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Statement-N-35623.bat
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-