General
Target: J.png
Size: 571KB
Sample: 230402-zdl6paae34
MD5: cfa306c7cae61b3ffef8c6af0c521bf1
SHA1: 6269028daacb6ae8bf6b78b1d076fa0abf606939
SHA256: 4152aa9073b4490e5e07590c816e5bea59285e51649f3dc1a6f001bb2045ea9f
SHA512: 645787302c16ade46a08ab5cbd7761e85870d964c991f1c01109b0e89f220c6aba03082a2b910857a0ab3e605f8ece4f1d21d5789d78acb83ba17f31d85c060b
SSDEEP: 1536:M+fNYbUBC9rBWPSPmtPtSh/FWUHUQ7ql0GldT897z3MlXHX62nkJWz9vfhaZffcT:Bo74Pdw32lk0VhEeAq17d3
Static task: static1
Behavioral task: behavioral1
Sample: J.ps1
Resource: win7-20230220-en
The submitted file is named J.png, but the behavioral task ran the same file as J.ps1: the content is a PowerShell script, and the .png extension is misleading.
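The extension/content mismatch above is the first thing to check on a file like this. The following Python is an added example, not part of the sandbox report: it classifies a file by its bytes rather than its name, flags a .png that is really a PowerShell script, and matches the computed hashes against the report's indicators. The sample bytes are constructed for the example (they are not the real J.png), and the PowerShell token list is a heuristic chosen here, not something the sandbox uses.

```python
"""Added example: content-vs-extension check plus hash matching against the
report's IOCs. All sample bytes here are constructed, not the real sample."""
import hashlib

# Indicators copied from the report's General section (lowercase hex).
REPORT_HASHES = {
    "md5": "cfa306c7cae61b3ffef8c6af0c521bf1",
    "sha1": "6269028daacb6ae8bf6b78b1d076fa0abf606939",
    "sha256": "4152aa9073b4490e5e07590c816e5bea59285e51649f3dc1a6f001bb2045ea9f",
}

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Heuristic tokens for a PowerShell script body (assumption of this example).
PS_TOKENS = ("$", "Invoke-", "[System.", "-bxor", "FromBase64String", "Add-Type")


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, in the same form as the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def sniff_type(data: bytes) -> str:
    """Classify by content: PNG magic, PowerShell-looking text, or unknown."""
    if data.startswith(PNG_MAGIC):
        return "png"
    # PowerShell scripts are often UTF-16LE with a BOM; handle both encodings.
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16", "replace")
    else:
        text = data.decode("utf-8", "replace").lstrip("\ufeff")
    head = text[:4096]
    printable = all(c.isprintable() or c in "\r\n\t" for c in head)
    if printable and sum(t in head for t in PS_TOKENS) >= 2:
        return "powershell"
    return "unknown"


def assess(filename: str, data: bytes, known: dict = REPORT_HASHES) -> dict:
    """Compare what the name claims with what the bytes are, and check IOCs."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_type(data)
    expected = {"png": "png", "ps1": "powershell"}.get(ext)
    h = hashes(data)
    return {
        "name": filename,
        "extension": ext,
        "content_type": kind,
        "mismatch": expected is not None and expected != kind,
        "known_sample": any(h[k] == known[k] for k in h),
        "hashes": h,
    }


# Constructed inputs: a tiny PowerShell-style decoder stub and a minimal PNG header.
CONSTRUCTED_PS1 = (
    b"$a = [System.Convert]::FromBase64String('QUJD')\n"
    b"$b = $a -bxor 0x41\n"
    b"Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($b))\n"
)
CONSTRUCTED_PNG = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("J.png", CONSTRUCTED_PS1), ("J.png", CONSTRUCTED_PNG)):
        r = assess(name, blob)
        print(f"{name}: content={r['content_type']} mismatch={r['mismatch']} "
              f"known_sample={r['known_sample']} sha256={r['hashes']['sha256']}")
```

Run it against the real file with `assess("J.png", open("J.png", "rb").read())`; `known_sample` becomes true only when one of the report's hashes matches, and `mismatch` is true whenever a .png does not start with the PNG signature.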
Malware Config
Extracted
Family: asyncrat
Version string: 3LOSH RAT
Botnet: Default
C2: xxxpasoxxx.ddnsfree.com:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
With install set to false the sample does not copy itself into install_folder or set up persistence; the C2 is a dynamic-DNS hostname, so pivot on the hostname and the mutex rather than on whatever IP it resolved to at analysis time.
Targets
J.png (571KB, same hashes as listed under General)
Signatures
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence (run, or refuse to run, only in particular countries).
Suspicious use of SetThreadContext: setting the thread context of another process is the usual final step of process hollowing, where the RAT payload is written into a suspended host process and its entry point is redirected. The report does not name the host process.
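The three signatures and the extracted config together make a compact detection set. The Python below is an added example and not part of the sandbox report: it re-derives those signatures from a process-event log, treating a remote SetThreadContext, a read of the user's country setting, the known mutex, and a connection to the configured C2 as separate findings. The log format, the `injected_host.exe` name (the report does not identify the hollowed process) and the registry path the geofence check reads are assumptions of this example; the log lines are constructed.

```python
"""Added example: re-derive the report's behavioral signatures and config IOCs
from a constructed process-event log. Log layout and names are assumptions."""
from dataclasses import dataclass

# Indicators copied from the extracted AsyncRAT config in the report.
C2_HOST, C2_PORT = "xxxpasoxxx.ddnsfree.com", 8808
MUTEX = "AsyncMutex_6SI8OkPnk"
# Assumption: the "Checks computer location settings" signature corresponds to a
# read of the user's configured country (GeoID) under this registry key.
GEO_KEY = r"control panel\international\geo\nation"


@dataclass
class Event:
    ts: str
    image: str
    pid: int
    kind: str     # e.g. "Registry:Read", "Api:SetThreadContext", "Net:Connect"
    detail: str


def parse_log(text: str) -> list:
    """Constructed pipe-delimited format: ts|image|pid|kind|detail."""
    events = []
    for line in text.strip().splitlines():
        ts, image, pid, kind, detail = line.split("|", 4)
        events.append(Event(ts, image, int(pid), kind, detail))
    return events


def detect(events: list) -> list:
    """Return (signature_name, event) pairs, in log order."""
    findings = []
    for e in events:
        d = e.detail.lower()
        if e.kind == "Registry:Read" and d.endswith(GEO_KEY):
            findings.append(("Checks computer location settings", e))
        elif e.kind == "Api:SetThreadContext":
            # Only a context write into *another* process is suspicious here;
            # a process adjusting its own threads is normal.
            fields = dict(kv.split("=", 1) for kv in e.detail.split(";"))
            if int(fields.get("target_pid", e.pid)) != e.pid:
                findings.append(("Suspicious use of SetThreadContext", e))
        elif e.kind == "Mutex:Create" and e.detail == MUTEX:
            findings.append(("Async RAT payload (known mutex)", e))
        elif e.kind == "Net:Connect":
            host, _, port = e.detail.rpartition(":")
            if host.lower() == C2_HOST and port.isdigit() and int(port) == C2_PORT:
                findings.append(("Async RAT C2 contact", e))
    return findings


# Constructed log: PowerShell loader (pid 4120) hollows a host (pid 5544),
# which then creates the mutex and connects to the C2. The explorer.exe and
# debugger.exe lines are benign noise that must not fire.
SAMPLE_LOG = r"""
2023-04-02T10:00:01|powershell.exe|4120|Registry:Read|HKCU\Control Panel\International\Geo\Nation
2023-04-02T10:00:02|powershell.exe|4120|Api:SetThreadContext|target_pid=5544;thread=1
2023-04-02T10:00:03|injected_host.exe|5544|Mutex:Create|AsyncMutex_6SI8OkPnk
2023-04-02T10:00:04|injected_host.exe|5544|Net:Connect|xxxpasoxxx.ddnsfree.com:8808
2023-04-02T10:00:05|explorer.exe|1200|Registry:Read|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
2023-04-02T10:00:06|debugger.exe|900|Api:SetThreadContext|target_pid=900;thread=3
"""

if __name__ == "__main__":
    for name, ev in detect(parse_log(SAMPLE_LOG)):
        print(f"{ev.ts} {ev.image}[{ev.pid}] -> {name}: {ev.detail}")
```

The mutex and C2 checks are exact-match IOCs for this build; the SetThreadContext and geo-lookup rules are behavioral and will also catch re-crypted builds of the same family, at the cost of needing the benign-self-context exclusion shown above.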