General
Target: Scan Copy SOA 21-02-23.js.zip
Size: 514KB
Sample: 230222-lefhmscd6y
MD5: a60c5fe1a85fb0559451df58406b279b
SHA1: caf9ffa47462796a34f95fa87befa41159526071
SHA256: a5fe52db9124afc9f4cdc6adf158e8806e12d67d5c1487d703543b4ee0592d90
SHA512: 0652ed6558f660cd49f325d050b2664b2ceb46c3235a4886a307e9d48fe925f84575de34dddecb7c146351e6d8672e5568c29d7e16da4be2911da339da2a447b
SSDEEP: 12288:GafDYLiiNBsQ11qcslH36ZjmSyOvTb6IMSGAoxuxR4HnUrS8:Em8Bx11qRlH3EjmSjbYSGA/PIu
Static task: static1
Behavioral task: behavioral1 (Sample: Scan Copy SOA 21-02-23.js; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Scan Copy SOA 21-02-23.js; Resource: win10v2004-20230221-en)
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: bition1.hopto.org:8817
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: image.exe
install_folder: %AppData%
Targets
Target: Scan Copy SOA 21-02-23.js
Size: 1.1MB
MD5: 05a618e4b3fa51d3d246db01357b9652
SHA1: 2f2de551f2143937a9d631ae18c23b7e2bb44a94
SHA256: d60ae9854611d58d59c44beecc1f07a01a650d941a38b56e3b6c1589c61f2a0d
SHA512: 5d614382b5d39b994f63ec7f39f1d20b801025e1c5a464e7c85dfd6dfa2e80a57ed4a73414db286c0236cd130cce83feff5906f8ec31103bb8a5f8ae84f0f5ca
SSDEEP: 12288:1EnHjEfsCLYV78evnjj4Xiubv7M8/uNXkrABDlKkRWagiB:KnHYMdNXk8gW
Score: 10/10
Signatures:
- Async RAT payload
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext