General
-
Target
Statment 1412500240.JS.js
-
Size
78KB
-
Sample
230323-jan8wagc2w
-
MD5
27b793bfdccc9569e57aaa7aa6fbc321
-
SHA1
8877645413921811cd6320d45a87b85be8d26033
-
SHA256
8369947367d812406853c2bcac444b1a6c374c2816df0ecf1d126c33c80ffca2
-
SHA512
d52e9af11b9ccbeb44c44232ac638a13fe53d09a6b417ee654fcc93aa8a41ff9de5f3895cdfb7a0e50e5292ae808d6066070cdb820313e4da4dda1e63c4eb14d
-
SSDEEP
96:ABKpBKpBKpBKpBKpBKpBKpBKpBKpBKpBKpBKXBKpBKpBKpBKpBKpBKpBKpBKpBK+:rnoDJsVNq
Static task
static1
Behavioral task
behavioral1
Sample
Statment 1412500240.JS.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Statment 1412500240.JS.js
Resource
win10v2004-20230221-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
New Grapity
services.work.gd:555
AsyncMutex
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
Target
Statment 1412500240.JS.js
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Registers COM server for autorun
-
Suspicious use of SetThreadContext
-