General
Target: vvNcnmOqNh.JS.js
Size: 127KB
Sample: 230323-ja882sgc2z
MD5: 5130bab251ef6bee2663f50a9a0a8e63
SHA1: 9e01d35ce67ffa1bfb57324be565b67092a34053
SHA256: 86de6654841fc57268545faca5d93d86494088cfd017a20570897c4c87b726b5
SHA512: a56fed88b92158d90598ab7681c7f29f4c6967827d40f7fd34e295332f53b0a2df7bdbf4277c36f48fdba8e31b6d2995665c33ea13567948094ede88ccf62b64
SSDEEP: 384:6SASASASASASASASASASASASsSASASASASASASASASASASASkSASASASASASASAS:6vrqvBvd
Static task: static1
Behavioral task: behavioral1, sample vvNcnmOqNh.JS.js, resource win7-20230220-en
Behavioral task: behavioral2, sample vvNcnmOqNh.JS.js, resource win10v2004-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: | Edit 3LOSH RAT
Botnet: newmekha
C2:
pop11.linkpc.net:6606
pop11.linkpc.net:6666
pop11.linkpc.net:7707
pop11.linkpc.net:8808
198.244.206.24:6606
198.244.206.24:6666
198.244.206.24:7707
198.244.206.24:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: vvNcnmOqNh.JS.js
Size: 127KB
MD5: 5130bab251ef6bee2663f50a9a0a8e63
SHA1: 9e01d35ce67ffa1bfb57324be565b67092a34053
SHA256: 86de6654841fc57268545faca5d93d86494088cfd017a20570897c4c87b726b5
SHA512: a56fed88b92158d90598ab7681c7f29f4c6967827d40f7fd34e295332f53b0a2df7bdbf4277c36f48fdba8e31b6d2995665c33ea13567948094ede88ccf62b64
SSDEEP: 384:6SASASASASASASASASASASASsSASASASASASASASASASASASkSASASASASASASAS:6vrqvBvd
Score: 10/10
Signatures
Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro. For a .js sample the parent is the Windows Script Host (wscript.exe) that runs the script; the child process is not named in this report.
Async RAT payload
Blocklisted process makes network request
Checks computer location settings
    Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence.
Registers COM server for autorun
Suspicious use of SetThreadContext
    Calling SetThreadContext on a thread of another process is the usual final step of process hollowing, redirecting a suspended process's entry point into injected code.
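Added example (Python, written for this page; not code from the sandbox report or from the AsyncRAT project): turning the extracted configuration into hunting logic. The hosts, ports and mutex are copied from the Malware Config section above; the connection, DNS and process-creation records are constructed for the demonstration, and the wscript.exe to powershell.exe event is an assumption, since the report names neither the parent nor the child of the flagged process spawn (a .js sample is launched by the Windows Script Host). Three of the four ports (6606, 7707, 8808) are AsyncRAT's stock defaults, and the client picks a random host and port from its lists on each connection attempt, so every host:port combination is a valid indicator. The install flag is false, which disables the RAT's own install routine (the copy to install_folder), while the mutex is created on every run regardless.

```python
# Added example: hunt for this report's AsyncRAT configuration in telemetry.
# Config values are copied from the report; every log line below is constructed.
import json

# Values copied from the "Malware Config" section of the report.
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "version": "| Edit 3LOSH RAT",
    "botnet": "newmekha",
    "hosts": ["pop11.linkpc.net", "198.244.206.24"],
    "ports": [6606, 6666, 7707, 8808],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}

# Constructed Zeek-style connection records: ts, src, dst, dport, proto.
CONN_LOG = """\
1679500000.1\t10.0.0.5\t198.244.206.24\t6606\ttcp
1679500001.2\t10.0.0.5\t93.184.216.34\t443\ttcp
1679500002.3\t10.0.0.7\t198.244.206.24\t80\ttcp
1679500003.4\t10.0.0.9\t203.0.113.8\t6606\ttcp
"""
# Constructed DNS query records: ts, src, query.
DNS_LOG = """\
1679499999.9\t10.0.0.5\tpop11.linkpc.net
1679500001.0\t10.0.0.5\texample.com
"""
# Constructed process-creation events (Sysmon Event ID 1 style), one JSON object per line.
# The wscript.exe -> powershell.exe pair is assumed; the report names neither process.
PROC_LOG = r"""
{"ts": "1679499998.0", "host": "WS05", "parent_image": "C:\\Windows\\System32\\wscript.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"ts": "1679499998.5", "host": "WS05", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\notepad.exe"}
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries that run .js files


def network_iocs(config):
    """Every host:port pair the client may use; it picks a random host and port per attempt."""
    return {f"{host}:{port}" for host in config["hosts"] for port in config["ports"]}


def host_artifacts(config):
    """Endpoint indicators: the mutex is created on every run, the install folder
    only matters when the RAT's own install routine is enabled (here it is not)."""
    artifacts = {"mutex": config["mutex"]}
    if config["install"]:
        artifacts["install_folder"] = config["install_folder"]
    return artifacts


def parse_tsv(text, fields):
    """Split tab-separated lines into dicts keyed by the given field names."""
    return [dict(zip(fields, line.split("\t"))) for line in text.splitlines() if line.strip()]


def hunt_network(config, conn_text, dns_text):
    """Match connection and DNS records against the configured C2 hosts and ports.
    Host+port is high confidence; a configured host on an unlisted port is medium
    (operators change ports); a listed port alone is ignored as too weak a signal."""
    hosts = {h.lower() for h in config["hosts"]}
    ports = set(config["ports"])
    findings = []
    for row in parse_tsv(conn_text, ("ts", "src", "dst", "dport", "proto")):
        port = int(row["dport"])
        if row["dst"].lower() in hosts:
            findings.append({"confidence": "high" if port in ports else "medium",
                             "src": row["src"], "ioc": f"{row['dst']}:{port}",
                             "why": "connection to configured C2 host"})
    for row in parse_tsv(dns_text, ("ts", "src", "query")):
        if row["query"].lower().rstrip(".") in hosts:
            findings.append({"confidence": "high", "src": row["src"], "ioc": row["query"],
                             "why": "DNS lookup of configured C2 hostname"})
    return findings


def hunt_process(proc_text):
    """Flag any child of the Windows Script Host, the parent that runs a .js sample."""
    findings = []
    for line in proc_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
        if parent in SCRIPT_HOSTS:
            findings.append({"confidence": "medium", "host": event["host"], "parent": parent,
                             "child": event["image"].rsplit("\\", 1)[-1].lower(),
                             "why": "script host spawned a child process"})
    return findings


if __name__ == "__main__":
    print(sorted(network_iocs(ASYNCRAT_CONFIG)), host_artifacts(ASYNCRAT_CONFIG))
    for finding in hunt_network(ASYNCRAT_CONFIG, CONN_LOG, DNS_LOG) + hunt_process(PROC_LOG):
        print(json.dumps(finding))
```

On the constructed records this yields two high-confidence network hits (the connection to 198.244.206.24:6606 and the lookup of pop11.linkpc.net), one medium hit (198.244.206.24 on port 80), nothing for 203.0.113.8:6606 despite the matching port, and one script-host child. Since linkpc.net is a dynamic DNS service, the hostname is the more durable network indicator; the IP address should be expected to change.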