General
-
Target
usman-server.txt.ps1
-
Size
255KB
-
Sample
221013-xptzkaaacl
-
MD5
f49c085a0873fe1a44e09ba9bd10c122
-
SHA1
134953571f892580ec793340f0997812bc928a71
-
SHA256
af6794ebbb7d1dd19893bb919c5881cb6d8c026afaf5931cae3c294e6baee7ea
-
SHA512
5e1f2ecf7c3b1f32a50182e3ced4046ffd1af6d7ddbf40e8c715f333c7ebfb8af2b5161ff0c68229ea837b2beccf769513f85b6c066a8318cab06a6550439b45
-
SSDEEP
6144:aRQRmeIR/ENCsOSRR3gq37ZN85OcyixP3Nf5HHLkJswKVFNvXu:wXYv4wcfxp1HwSFBu
Static task
static1
Behavioral task
behavioral1
Sample
usman-server.txt.ps1
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
usman-server.txt.ps1
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
212.192.219.56:5612
utex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
usman-server.txt.ps1
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Async RAT payload
-
Registers COM server for autorun
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-