General
- Target: document.js
- Size: 12KB
- Sample: 230327-t1g8csgd21
- MD5: 4c68ce2c82c149bf635a6889f8ab79ee
- SHA1: 1459605f639de1549ac2a017f40901bad14e075f
- SHA256: a1b2dc89cf53829809078cfa4961df67321fdb9323fe9f10b310120d6b9aab5a
- SHA512: c21aa6e314388cc166ac58f159fe222559f7657d2709be2d1e217c50bd14d6fd7f6eeb0bccde0d82da0f74abb9d40f49eb54dd4a404f2f8c49ea88fc0095e0e4
- SSDEEP: 192:sLpZZb71ltuYf+EKTnC0hIJcvTMC4rAVl//iNlIucYiiwFH2+Nbdq0w:O7Y1TnCWKcvTAud/CO3iwFH2+Na
Static task: static1
Behavioral task: behavioral1
- Sample: document.js
- Resource: win7-20230220-en
Malware Config
Extracted
- Family: asyncrat (3LOSH RAT)
- Botnet: Default
- C2: xxxprofxxx.dnsdojo.com:5126
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: document.js
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext