General
-
Target
_228763212121325555554637548503 [MConverter.eu].iso
-
Size
1.5MB
-
Sample
221206-2vkqasbh52
-
MD5
47a98d5dc2c54aac240e902184b0c525
-
SHA1
e0cd3c1344b3261b2cc1b2051fc7a60f7514efde
-
SHA256
54c98af50b3f94bf726ed3d263c3e27bfcb2e227a36afcf5afa907a110af0954
-
SHA512
32b015256ce2432751ad07e839cebf4cce0a0c8a8add64953df1a8905c339b5c229c1cc3c8a82bccebfca6132b43ef4f446589fc7458de8959502bb7e2258d1d
-
SSDEEP
384:dzOzOzOzOz+zOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpt:
Static task
static1
Behavioral task
behavioral1
Sample
_228763212121325555554637548503 [MConverter.eu].iso
Resource
win10-20220901-es
Malware Config
Extracted
http://incuber.es/music/rose.png
Extracted
asyncrat
| Edit 3LOSH RAT
Default
smartvodafone.duckdns.org:5000
smartvodafone.duckdns.org:5001
smartvodafone.duckdns.org:5002
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
_228763212121325555554637548503 [MConverter.eu].iso
-
Score
10/10
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
_2287632.VBS
-
Size
1.1MB
-
MD5
4c58dc9a8dc5798f57bb0b167780b871
-
SHA1
214b13de422b2a62c6afaeb2dcb86a4256ed32a3
-
SHA256
4268d4ba4527eae819b1e623c75cc86d7692ae62b934383d5b54d2fea5bd765f
-
SHA512
4395afd47b109e7d521165f3ca765a0aee6fbdff6a5d1eecd299291455bc6c3999f1d62ceb1d9dfbe14849df8156d902dd954d85a5be32567bc392b36cd56a38
-
SSDEEP
384:HzOzOzOzOz+zOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpz:/
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-