General
- Target: 70fb61e4da384dc4bd69e0e3de5f0d03.bin
- Size: 874B
- Sample: 230324-b2c1xsdd8x
- MD5: 1cda3c9baaa344b0b9bc57535fffbb3a
- SHA1: 6a974baec43e850b270ab70c99e2437a85d6f783
- SHA256: fb0dba0f6cade86e8a3284696fe5cfe93f20ee30b63d67bcf7eb58aa9b72d1c1
- SHA512: 9864eb76db02fa9ab357001ad45616a9bf59934ad44616edebb9227f58c4187e71a0f82a82d3077aac779f5fe999fe40ff206c91f98f90a952d7caf05dbdd954
Static task: static1

Behavioral task: behavioral1
- Sample: f3d11767312676ba55c151aa3e4b602abbe5b5181883b81fb9c29f178bb5bfb2.js
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: f3d11767312676ba55c151aa3e4b602abbe5b5181883b81fb9c29f178bb5bfb2.js
- Resource: win10v2004-20230221-en
Malware Config
Extracted: asyncrat
- | Edit 3LOSH RAT
- Cairo
- admincairo.linkpc.net:7707
- AsyncMutex_move
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: f3d11767312676ba55c151aa3e4b602abbe5b5181883b81fb9c29f178bb5bfb2.js
- Size: 31KB
- MD5: 70fb61e4da384dc4bd69e0e3de5f0d03
- SHA1: 34d99b6d1bbad7896dcef64a22bd7a61ca70734f
- SHA256: f3d11767312676ba55c151aa3e4b602abbe5b5181883b81fb9c29f178bb5bfb2
- SHA512: 4350a1f61e0214455cbbc7f89f621759cbad4d3aad0e73465180dfe3aceaa5d978703e6258b42ff3faec4f15de2ef8bec53d313b2bb028a28b53b1efe4d20b7c
- SSDEEP: 96:taXaXaXaXaXaXaXaXaXaXaXaeGrGrGrGrGrGrGrGrGrGrGrBaXaXaXaXaXaXaXap:iGKTVaN
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
- Suspicious use of SetThreadContext