General

Target: h.png
Size: 254KB
Sample: 221206-sehrbsgh92
MD5: ede6cd34749899b3315b0c7657bd35d1
SHA1: c57e4fa620815c6049b271ca6400c22ad499547a
SHA256: d2924b0d5315ff62dec0546d2f8a3b29cc7469ac8f7f7421723d385cd5a8756a
SHA512: a3b337ebd870472c81e3500c1bf651563e67db8b370cdd557c8dd9968530ac0c04cb04c2ac121413f440b6a4133c796d7b2024b8e71a789edaa57e469a7f4521
SSDEEP: 3072:zaYePSGUCQnJzD3k3ApRMOheOdniETnkhYbZWdw:zZePNQJzD3k3ApRM+eOdni2rZWdw
Static task: static1

The submitted file carries a .png extension but is executed in both behavioral tasks as a PowerShell script, h.ps1:

Behavioral task: behavioral1
Sample: h.ps1
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: h.ps1
Resource: win10v2004-20220812-en
Malware Config

Extracted family: asyncrat
3LOSH RAT
Error_95802AG
C2: sdf65dsf5df4dfs5555e8.ooguy.com:5001
C2: westernogetobarsbrmng.ooguy.com:5001
Error_589ERD5V
delay: 3
install: false
install_folder: %AppData%

Both C2 hosts are subdomains of ooguy.com on TCP port 5001. In the open-source AsyncRAT client, delay is the start-up sleep in seconds before the first connection attempt, and install: false means the client does not copy itself into install_folder or register persistence, so this configuration runs from wherever the script dropped it.
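The two C2 hostnames and the port are the most directly actionable indicators in this report. The following Python is an added example, not part of the sandbox report: it hunts for the C2 hosts in DNS telemetry and correlates them with outbound connections on port 5001 from the same source. The "ts kind src detail" log format and the addresses in SAMPLE_LOG are constructed for illustration; the severity rules (exact host match is high, port 5001 alone is only a lead) are the example's own choice.

```python
"""Hunt for the AsyncRAT C2 indicators from the report in DNS/connection logs.

Added example. The log format and sample lines below are constructed; the
indicators are copied from the extracted malware config.
"""
import re
from collections import defaultdict

# Indicators taken from the extracted config above
C2_HOSTS = frozenset({
    "sdf65dsf5df4dfs5555e8.ooguy.com",
    "westernogetobarsbrmng.ooguy.com",
})
C2_PORT = 5001

# Constructed telemetry (hypothetical format: "ts kind src detail")
SAMPLE_LOG = """\
2022-12-06T10:01:02Z dns  10.0.0.12 query=sdf65dsf5df4dfs5555e8.ooguy.com
2022-12-06T10:01:03Z conn 10.0.0.12 -> 203.0.113.10:5001
2022-12-06T10:01:05Z dns  10.0.0.13 query=www.example.com
2022-12-06T10:01:06Z conn 10.0.0.13 -> 93.184.216.34:443
2022-12-06T10:02:00Z dns  10.0.0.20 query=updates.example.net
2022-12-06T10:02:10Z conn 10.0.0.20 -> 203.0.113.20:5001
2022-12-06T10:03:00Z dns  10.0.0.31 query=WesternOgetoBarsBrmng.ooguy.com.
"""

DNS_RE = re.compile(r"^(\S+)\s+dns\s+(\S+)\s+query=(\S+)$")
CONN_RE = re.compile(r"^(\S+)\s+conn\s+(\S+)\s+->\s+(\S+):(\d+)$")


def normalize_host(name):
    """Lower-case and drop a trailing dot so FQDN spellings compare equal."""
    return name.lower().rstrip(".")


def hunt(log_text):
    """Return findings as (severity, ts, src, reason) tuples, in log order.

    high: DNS lookup of a listed C2 host.
    high: connection on the C2 port from a source that earlier resolved a C2
          host (DNS + port correlation).
    low : connection on the C2 port with no prior C2 lookup; 5001 alone is a
          weak indicator, so this is reported only as a lead.
    """
    findings = []
    resolved_c2 = defaultdict(set)  # src -> C2 hosts it has looked up
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DNS_RE.match(line)
        if m:
            ts, src, qname = m.groups()
            host = normalize_host(qname)
            if host in C2_HOSTS:
                resolved_c2[src].add(host)
                findings.append(("high", ts, src, f"DNS lookup of C2 host {host}"))
            continue
        m = CONN_RE.match(line)
        if m:
            ts, src, dst, port = m.groups()
            if int(port) != C2_PORT:
                continue
            if resolved_c2[src]:
                hosts = ", ".join(sorted(resolved_c2[src]))
                findings.append(("high", ts, src,
                                 f"connection to {dst}:{port} after resolving {hosts}"))
            else:
                findings.append(("low", ts, src,
                                 f"connection to {dst}:{port} (C2 port, no prior C2 lookup)"))
    return findings


if __name__ == "__main__":
    for severity, ts, src, reason in hunt(SAMPLE_LOG):
        print(f"[{severity:4}] {ts} {src}: {reason}")
```

Because AsyncRAT operators commonly rotate dynamic-DNS subdomains, the exact-host set should be treated as a point-in-time indicator; the DNS-then-port correlation is what keeps the rule useful once the hostnames change.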
Targets

Target: h.png
Size: 254KB
Score: 10/10

Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext: this API is commonly used to redirect a (typically suspended) thread into injected code, as in process hollowing; the report does not identify the injection target.