General

Target: Good.ps1
Size: 1KB
Sample: 220926-y3tfmadaen
MD5: f352e9ea5b48e556410878e8204434f5
SHA1: 3e6be512bdf272021faf840ce76d149631c322f5
SHA256: e05a116bf80f3d77481a9962caa9d0d8544f287dfd6b6c865054e8ea9c9f6826
SHA512: 8d08c60a887dec659abfae2f10fadb426640d3e3a56394b18b382dd0c43759c6dd7504f6fe17a720cd7c412bf6f97ae8f9fb0940ee11b3a64891446218444b21

Static task: static1
Behavioral task: behavioral1
Sample: Good.ps1
Resource: win7-20220812-en

Malware Config

Extracted: asyncrat
3LOSH RAT
Default
worldpassed.publicvm.com:199
AsyncMutex_6SI8OkBrC
delay: 3
install: false
install_folder: %AppData%

Targets

Target: Good.ps1
Size: 1KB
MD5: f352e9ea5b48e556410878e8204434f5
SHA1: 3e6be512bdf272021faf840ce76d149631c322f5
SHA256: e05a116bf80f3d77481a9962caa9d0d8544f287dfd6b6c865054e8ea9c9f6826
SHA512: 8d08c60a887dec659abfae2f10fadb426640d3e3a56394b18b382dd0c43759c6dd7504f6fe17a720cd7c412bf6f97ae8f9fb0940ee11b3a64891446218444b21

- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext