General
- Target: believe-server.txt.ps1
- Size: 255KB
- Sample: 221013-xqabjsaaek
- MD5: 02d3b46db023e74bf34b36d336e283d8
- SHA1: fe8d8ebc03e50c39b3c38b6f9aad6e9ea6894528
- SHA256: aed50a5da5a71dbee227b9de4c9ee68ec20e9814928b16fb231784c3d45ef4a2
- SHA512: a1b259c6ff0ac4c108dfdf471e325f3938dcb3afe61308e75fe1058b4945076318d3403b36ac145682e53548f31e9260dba1b5e37c83a9476f2d338b4625d07a
- SSDEEP: 6144:wRQRmeIR/ENCsO4/TzhUtZylDwc00ddPqWBYWUaOU8Y85TNkS:SX4PhU1cFPqWt987SS
Static task
- static1
Behavioral task
- behavioral1: Sample believe-server.txt.ps1, Resource win7-20220812-en
Behavioral task
- behavioral2: Sample believe-server.txt.ps1, Resource win10v2004-20220812-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: NEW
- C2: 185.222.58.50:4545
- Mutex: MuTExtMaster_%^*$%&$&%**@%GHJBJH
- delay: 3
- install: false
- install_file: Explorer.exe
- install_folder: %AppData%
Note: with install set to false this build does not copy itself to %AppData%\Explorer.exe or set up its own persistence; the install_file and install_folder values are carried in the config but unused by this sample. The C2 endpoint and mutex name are the indicators to hunt on.
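To turn the extracted configuration into something a responder can act on, the following Python script (an added example, not part of the sandbox report) parses the flat key/value block above, derives indicators from it, and matches them against a few constructed log records. The Sysmon-style event field names, the sample records, and the named-object list are assumptions made for illustration; the config values, C2 and mutex are taken from the report.

```python
"""Added example: derive hunt indicators from the AsyncRAT config above and
run them over constructed log records (field names and records are assumed,
not taken from the sandbox report)."""

# Config fields copied from the report above, in its flat "key / value" layout.
TRIAGE_CONFIG = """\
delay
3
-
install
false
-
install_file
Explorer.exe
-
install_folder
%AppData%
"""
C2 = "185.222.58.50:4545"                      # from the report
MUTEX = "MuTExtMaster_%^*$%&$&%**@%GHJBJH"      # from the report


def parse_flat_config(text):
    """Parse alternating key/value lines, ignoring the '-' separator lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    if len(lines) % 2:
        raise ValueError("odd number of key/value lines")
    return dict(zip(lines[0::2], lines[1::2]))


def build_indicators(cfg, c2, mutex):
    """Derive indicators from the config.

    AsyncRAT copies itself to install_folder\\install_file and sets up
    persistence only when install is true; with install=false those fields
    are present but unused, so no persistence path is emitted.
    """
    host, port = c2.rsplit(":", 1)
    persistence = None
    if cfg.get("install", "false").lower() == "true":
        persistence = cfg["install_folder"].rstrip("\\") + "\\" + cfg["install_file"]
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": mutex,
        "delay_seconds": int(cfg.get("delay", "0")),
        "persistence_path": persistence,
    }


# Constructed Sysmon-style network events (assumed field names; not from the report).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "DestinationIp": "185.222.58.50", "DestinationPort": 4545},
    {"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
    {"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Roaming\\Explorer.exe",
     "DestinationIp": "185.222.58.50", "DestinationPort": 80},
]

# Constructed named-object list, as a handle enumeration might print it.
SAMPLE_MUTANTS = [
    "\\Sessions\\1\\BaseNamedObjects\\SM0:1234:304:WilStaging_02",
    "\\Sessions\\1\\BaseNamedObjects\\MuTExtMaster_%^*$%&$&%**@%GHJBJH",
]


def match_events(events, ind):
    """Return (level, image) for network events touching the C2.

    An exact host:port match is a strong hit ("c2"); the same host on another
    port is reported separately ("c2_host_only") so it can be triaged
    without being mistaken for the configured channel.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != 3 or ev.get("DestinationIp") != ind["c2_host"]:
            continue
        level = "c2" if int(ev.get("DestinationPort", 0)) == ind["c2_port"] else "c2_host_only"
        hits.append((level, ev["Image"]))
    return hits


def match_mutants(names, ind):
    """Return named objects whose leaf name equals the configured mutex."""
    return [n for n in names if n.rsplit("\\", 1)[-1] == ind["mutex"]]


if __name__ == "__main__":
    ind = build_indicators(parse_flat_config(TRIAGE_CONFIG), C2, MUTEX)
    print(ind)
    print("C2 connections:", match_events(SAMPLE_EVENTS, ind))
    print("Mutex hits:", match_mutants(SAMPLE_MUTANTS, ind))
```

Because install is false in this config, build_indicators deliberately returns no persistence path; rerunning it with install set to true yields %AppData%\Explorer.exe, which is the file a responder would look for on a host infected by an installing build of the same family.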
Targets
- Target: believe-server.txt.ps1 (255KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
Signatures
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
- Registers COM server for autorun
- Drops file in System32 directory
- Suspicious use of SetThreadContext: this API redirects a suspended thread's execution and is a common marker of process hollowing or thread-hijacking injection.