General
Target: Scan Copy SOA 21-02-23.js
Size: 1.1MB
Sample: 230222-m3efxsba24
MD5: 05a618e4b3fa51d3d246db01357b9652
SHA1: 2f2de551f2143937a9d631ae18c23b7e2bb44a94
SHA256: d60ae9854611d58d59c44beecc1f07a01a650d941a38b56e3b6c1589c61f2a0d
SHA512: 5d614382b5d39b994f63ec7f39f1d20b801025e1c5a464e7c85dfd6dfa2e80a57ed4a73414db286c0236cd130cce83feff5906f8ec31103bb8a5f8ae84f0f5ca
SSDEEP: 12288:1EnHjEfsCLYV78evnjj4Xiubv7M8/uNXkrABDlKkRWagiB:KnHYMdNXk8gW
Static task: static1
Behavioral task: behavioral1
  Sample: Scan Copy SOA 21-02-23.js
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Scan Copy SOA 21-02-23.js
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: bition1.hopto.org:8817
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: true
- install_file: image.exe
- install_folder: %AppData%
Targets
Target: Scan Copy SOA 21-02-23.js (size and hashes as listed under General above)
Score: 10/10
Signatures:
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext