General
Target: 15-10-10-36.JS.js
Size: 75KB
Sample: 230324-hfsykscf99
MD5: 5e2d96e18e9f50558282b844f9af47c6
SHA1: 5b5b3ba7c3f233f18c9eaef6903ba9e9c2cfce7b
SHA256: 927fcfec5aca05e59135e5679883db421b1d78d3b0ee44e316cb2f3da1ba399d
SHA512: b36b8cca43db5e83f71ed417163703f699e3c1d31f46f7844fbb90adecc3f8ab5efa74969e95acb9d7dfbe67b06df08494d8fd14da32086c995c799d44a67149
SSDEEP: 1536:l+++++++++++g+++++++++++M+++++++++++H+++++++++++7+++++++++++I++C:q
Static task: static1
Behavioral task: behavioral1 (sample 15-10-10-36.JS.js, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 15-10-10-36.JS.js, resource win10v2004-20230220-en)
Malware Config
Extracted: asyncrat
3LOSH RAT
Cairo
admincairo.linkpc.net:7707
AsyncMutex_move
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 15-10-10-36.JS.js
Size: 75KB
MD5: 5e2d96e18e9f50558282b844f9af47c6
SHA1: 5b5b3ba7c3f233f18c9eaef6903ba9e9c2cfce7b
SHA256: 927fcfec5aca05e59135e5679883db421b1d78d3b0ee44e316cb2f3da1ba399d
SHA512: b36b8cca43db5e83f71ed417163703f699e3c1d31f46f7844fbb90adecc3f8ab5efa74969e95acb9d7dfbe67b06df08494d8fd14da32086c995c799d44a67149
SSDEEP: 1536:l+++++++++++g+++++++++++M+++++++++++H+++++++++++7+++++++++++I++C:q
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Async RAT payload
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Registers COM server for autorun
Suspicious use of SetThreadContext