General
- Target: 6cc1c3d9c663900c34c5a4ea21b014877e6fa5e3
- Size: 300B
- Sample: 221207-abnt3aag6s
- MD5: 902d1f5d399e00825d5fc337d8a6e7a6
- SHA1: 6cc1c3d9c663900c34c5a4ea21b014877e6fa5e3
- SHA256: b1453958381015591f0f5bb284f3614321ca5ee9a82acb4d203f10e66d05f779
- SHA512: ba1ca3f962033934f01259ffcfce3317a05addaa599d9c5ee587377706bd76bbc3455cf82cd6eec31b2350e5ac1d29a41ea4ba05fde7ecf793e9e1ff0b5a9288
Static task
- static1

Malware Config
Extracted
- Family: asyncrat (3LOSH RAT)
- Default
- rider.giize.com:6606
- rider.giize.com:7707
- rider.giize.com:8808
- AsyncMutex_rf
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: 6cc1c3d9c663900c34c5a4ea21b014877e6fa5e3 (300B; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext