General
  Target: 5df47d50e52c1cdb011c12bfe2ed1203.bin
  Size: 248KB
  Sample: 230324-bxsktabd55
  MD5: aebdd6e866c27162f4bf22c988ca4329
  SHA1: 2cc960192471d276064f97cbb6aa7092f4e5f632
  SHA256: af5fa1927101b49f6f19adebc870299a767d2ba0a4787d5ac9d62d2b8df69ac6
  SHA512: 73b6b16ba5d5a3fd184daedfa7523330e85527086507b138d65fba47283fac2d2d20711952d4c367784f1611ca6941458a8e989774d55e3f491ccc6343f876f3
  SSDEEP: 6144:3pPa31ia3xwmrekOp59H1FOjk82Wufspd5tq3OX5N:3pTXmrxOz36zwspd5tXX5N

Static task: static1

Behavioral task: behavioral1
  Sample: d623550382d57e1f3b8a521f00d4f05179da3073ac07d4ccaf4ced2999afc18b.ps1
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: d623550382d57e1f3b8a521f00d4f05179da3073ac07d4ccaf4ced2999afc18b.ps1
  Resource: win10v2004-20230220-en

Malware Config
  Extracted: asyncrat
    | Edit 3LOSH RAT
    Cairo
    admincairo.linkpc.net:7707
    AsyncMutex_move
    delay: 3
    install: false
    install_folder: %AppData%

Targets
  Target: d623550382d57e1f3b8a521f00d4f05179da3073ac07d4ccaf4ced2999afc18b.ps1
  Size: 689KB
  MD5: 5df47d50e52c1cdb011c12bfe2ed1203
  SHA1: 587b8357692cf1801a4aed650f5965ed5ee7337c
  SHA256: d623550382d57e1f3b8a521f00d4f05179da3073ac07d4ccaf4ced2999afc18b
  SHA512: 096b87351742ab9598b8db72f889d1e75248a4c00e3bf5d4d0bd1ca048b023b9df5d412c3bb4354325f987830e2b795b623f22b766508ef89ccdbf0dd21729e5
  SSDEEP: 1536:zJ7guVMqP/wdjeE4+vTrDLq4m/R6p0mZEWF7L9nGuWsMwAZJffqWyaUUhmQv/2sy:a
  Score: 10/10
    Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    Async RAT payload
    Registers COM server for autorun
    Drops file in System32 directory
    Suspicious use of SetThreadContext