General

Target: img.jpg.ps1
Size: 771KB
Sample: 221216-h13nhshb2y
MD5: 5ac2d245025afdd32eb83ee07c5eac2c
SHA1: 2d7afe2482c8b00f64a3c06f1991e9d31e5e4992
SHA256: b1b279e81410d415a097e9cab59aa3a04728adf62095c99d1aee345b124d4b49
SHA512: f27af8054d6898da00de2b999cb421f26307d46f6b64c041d617b84b7012cec872e7f827f0befe71464e2ee0644d606a20cf231bbab52de9af78b806778f00e3
SSDEEP: 3072:DWYU4444d444444444444444g44444444444444444K44444444444444449444a:D1/QImq4sn+kdnuzDT03ApT
Static task: static1
Behavioral task: behavioral1
Sample: img.jpg.ps1
Resource: win7-20221111-en
Malware Config

Extracted
Family: asyncrat
Botnet: 3LOSH RAT
C2: jok7oda.publicvm.com:7777
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: img.jpg.ps1
Size: 771KB
MD5: 5ac2d245025afdd32eb83ee07c5eac2c
SHA1: 2d7afe2482c8b00f64a3c06f1991e9d31e5e4992
SHA256: b1b279e81410d415a097e9cab59aa3a04728adf62095c99d1aee345b124d4b49
SHA512: f27af8054d6898da00de2b999cb421f26307d46f6b64c041d617b84b7012cec872e7f827f0befe71464e2ee0644d606a20cf231bbab52de9af78b806778f00e3
SSDEEP: 3072:DWYU4444d444444444444444g44444444444444444K44444444444444449444a:D1/QImq4sn+kdnuzDT03ApT

- Async RAT payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext