General
- Target: anthony-serv.ps1
- Size: 255KB
- Sample: 221013-xpy9aahhe8
- MD5: 50ae4a50e43fe1415d175b77f25af5a9
- SHA1: a7858887a91fa61b2550d35b390848cd5340f020
- SHA256: a03d5d0f193df89e72e85d2c028f3facdab88b2d9f7750a070b8981ccee03122
- SHA512: e289abd62ecc9475a623e790df7262c342e18f7b82a0694c6c79229e937da49bf304d201d8249c336c305bff25092c6a648e48193371da07bf90781a5c267108
- SSDEEP: 6144:wRQRmeIR/ENCsONLMubiwoTTDlg5SHfyKGFsUjCRr1dxVzMRGS:SXqu/oTTxg5sxGG11RLS
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample anthony-serv.ps1, resource win7-20220812-en)
- Behavioral task: behavioral2 (sample anthony-serv.ps1, resource win10v2004-20220812-en)
Malware Config
Extracted: asyncrat
- 0.5.7B
- Default
- 148.163.80.206:7778
- Master_ANTHORNY
Attributes:
- delay: 3
- install: false
- install_file: Explorer.exe
- install_folder: %AppData%
Targets
- Target: anthony-serv.ps1 (255KB; same hashes as listed under General)
Score: 10/10
Signatures:
- Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
- Async RAT payload
- Registers COM server for autorun
- Drops file in System32 directory
- Suspicious use of SetThreadContext