General
-
Target
ig.png
-
Size
291KB
-
Sample
221206-sch93sgg55
-
MD5
39d128417e6cbcf1674b832db455120e
-
SHA1
9935f89ad08a8a2c6a4a6689cdfc32057aafbb33
-
SHA256
d2307bde19ff133b993f41dd7d48c602c9e81c7689f4c074a80c99c212c8c7a1
-
SHA512
5c8156827635cbd46744e829295dd2137a5e05860bf57a7e06e413784b64cdb1dffb1e9945b1eb274164461ec45010814748dae8b2dcc9b028b902f9f20169b9
-
SSDEEP
3072:saYeYvrUvSZezYXgnzD393ApTTbQI8Iv1vZoZWdP:sZeYvrUvNYXgzD393ApTTMIUZWdP
Static task
static1
Behavioral task
behavioral1
Sample
ig.ps1
Resource
win7-20220901-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
Santos
sdf65dsf5df4dfs5555e8.ooguy.com:5001
westernogetobarsbrmng.ooguy.com:5001
Santo_785NT
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
ig.png
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-