General
Target: mWaWCBfTJo.JS.js
Size: 83KB
Sample: 230323-ja882sgc21
MD5: 4d9ca283e6080bc1bb3e6817e8b27cda
SHA1: 1b79943f6755b21255c214915676eacc7f645ddb
SHA256: d961c18d8817ad3cc2c414d3683eb9ba1dd1b0dd3d1578ca1eec353ad904a3f1
SHA512: ad41c58e741e121072cbe83533ba6675702efc6b5a69968dfad8cfbbe246f8897e4d42888c4f7ce16826b87001900b40af44cde35cf4483e9d0f1be848395bdf
SSDEEP: 1536:ojjjjjjjjjjjdjjjjjjjjjjjVjjjjjjjjjjjNJjjjjjjjjjjj6jjjjjjjjjjjb+8:l
Static task: static1
Behavioral task: behavioral1
  Sample: mWaWCBfTJo.JS.js
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: mWaWCBfTJo.JS.js
  Resource: win10v2004-20230220-en
Malware Config
Extracted: asyncrat | 3LOSH RAT
Cairo
admincairo.linkpc.net:7707
AsyncMutex_move
delay: 3
install: false
install_folder: %AppData%
Targets
Target: mWaWCBfTJo.JS.js
Size: 83KB
MD5: 4d9ca283e6080bc1bb3e6817e8b27cda
SHA1: 1b79943f6755b21255c214915676eacc7f645ddb
SHA256: d961c18d8817ad3cc2c414d3683eb9ba1dd1b0dd3d1578ca1eec353ad904a3f1
SHA512: ad41c58e741e121072cbe83533ba6675702efc6b5a69968dfad8cfbbe246f8897e4d42888c4f7ce16826b87001900b40af44cde35cf4483e9d0f1be848395bdf
SSDEEP: 1536:ojjjjjjjjjjjdjjjjjjjjjjjVjjjjjjjjjjjNJjjjjjjjjjjj6jjjjjjjjjjjb+8:l
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext