General

Target: b.png
Size: 291KB
Sample: 221206-pqyedahb99
MD5: 8078557221981a8df212716a045e1ef5
SHA1: d6c8b1c4a79730f1fa5875b65d7d6780b2318300
SHA256: c5422bb48cf84aec0d630bd24227c42b477be5cdd2957de4aa6d3b7581187c35
SHA512: 1996b38534869f92697edc2ae97d891e465400241444ed5a4d6af944ce04997d549bad2093a2fb57280d440ad93a18156cf23d7deacadb9dcba5120b9f82cd72
SSDEEP: 3072:oL1UfzrhJAgGH3zDTp3AptTbQI8Iv1vZoZWdP:ohUfzrhJAgGH3zDTp3AptTMIUZWdP
Static task: static1
Behavioral task: behavioral1
Sample: b.ps1
Resource: win7-20221111-en
Malware Config

Extracted: asyncrat (3LOSH RAT)
Botnet: Default
C2:
- munroe.work.gd:6606
- munroe.work.gd:7707
- munroe.work.gd:8808
Mutex: AsyncMutex_fuck
delay: 3
install: false
install_folder: %AppData%
Targets

Target: b.png (291KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext