General

  • Target

    x.png.ps1

  • Size

    243KB

  • Sample

    221216-h13nhsec77

  • MD5

    fb15d35b386dd9f9cadfbd8dff55b7d6

  • SHA1

    1663084c6fb2404fa0be3f3ae1170589f6df8ff2

  • SHA256

    6a4bde618c5f4a8d087364e26be121e332f35f947baf55ba4c02a4f796cceda9

  • SHA512

    f40c26fb227e4fcba639a92cda956c4693601ba766723b025b8718d9c2bfc49c3221217a2f133ad8df7dac5405045219270e7b163a228c4def0470e790d0ef60

  • SSDEEP

    1536:h3aRvIDi0gcXRI65uSiNdnYJCmLEmg7Tvve0pAGFBQDp/QI+OcD/55j9VyAGuELw:uC6S/QI+Ocvj6cmGfl+owmGcAg3Ap6

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

boxtest.publicvm.com:6666

Mutex

AsyncMutex_af

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      x.png.ps1

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks