General
-
Target
b.png
-
Size
238KB
-
Sample
221206-r9cccsbe6y
-
MD5
6e91be6c47db5fd6a0d0db5f52cff024
-
SHA1
d2a2f20942877a32847e249c626ccc4d1471b4de
-
SHA256
6d96369f6db259db2935944db579b7aea9b9da92543298491cb8a73a296609a3
-
SHA512
97320a55c3dd285d2a848b5a87cb1f31104c9a2c81bf0efdac974f4f399263cec6e241803cb13afde9bb4c8bc920181f1b619b95cf523dcbe928b6ec9a2d964d
-
SSDEEP
3072:tJKMWXWQN8gnKRJmZzD373ApJpMi8RzZWdV:tEMWXWQN8UKROzD373ApJpMzFZWdV
Static task
static1
Behavioral task
behavioral1
Sample
b.ps1
Resource
win7-20220901-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
Default
nasori.ddnsfree.com:6666
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
b.png
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-