General
- Target: 390Z21.ps1
- Size: 206KB
- Sample: 230322-q9tqzaba8t
- MD5: 7f42335561e2adb6a744f1dcb02b1505
- SHA1: 415e34780b8e144c28995e611117d7d0182f3b22
- SHA256: c671d25e21e83929c1853e697f29b0e8ed3b69edc6add61d4d8b8bc2018afe14
- SHA512: 442c90c2f926480beb001ed1ae45bf4f9893988d135367bf51c1a8ab7f27e4a11cbec1a9fea5f6897c1dc15cbc33fa7e0f027199c281107e7c5536a63aa2058c
- SSDEEP: 3072:RO2MjmUvLcSRr0zELowmGcAK3ApfJo74Pda:RpMjbYYowmGcAK3Apxm1
Static task: static1
Behavioral task: behavioral1
Sample: 390Z21.ps1
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
3LOSH RAT
Default
185.81.157.244:6601
AsyncMutex_6S181I8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: 390Z21.ps1
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext