General
Target: 180a79cff5ef91ecd744a35b2e433d0a4aae0e4d3b87c40e8e51f5ca02aac4d6.lnk
Size: 3KB
Sample: 230328-vsy2kscb73
MD5: 3b806fe4f970a98064a83d04a8921b7f
SHA1: 57c975d687878b6c0f86629a4ae908f5d7e25e13
SHA256: 180a79cff5ef91ecd744a35b2e433d0a4aae0e4d3b87c40e8e51f5ca02aac4d6
SHA512: 9947eac784e2cd364640a63d7ad648465f3b389d3485bc20db7078396497f1a025fafb34110439de9d35425e66fc32a7ed81c50e6a38c32a473f026afd431422
Static task: static1
Behavioral task: behavioral1
  Sample: 180a79cff5ef91ecd744a35b2e433d0a4aae0e4d3b87c40e8e51f5ca02aac4d6.lnk
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 180a79cff5ef91ecd744a35b2e433d0a4aae0e4d3b87c40e8e51f5ca02aac4d6.lnk
  Resource: win10v2004-20230220-en
Malware Config
Extracted family: asyncrat (Edit 3LOSH RAT)
Default: nulled2nd.camdvr.org:6666
Mutex: AsyncMutex_null
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 180a79cff5ef91ecd744a35b2e433d0a4aae0e4d3b87c40e8e51f5ca02aac4d6.lnk (3KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext