General
Target: 664b1e31dfe2a502e76c1bfe4d4b7593.ps1.vir
Size: 212KB
Sample: 230403-c5e55adf8y
MD5: 664b1e31dfe2a502e76c1bfe4d4b7593
SHA1: cb6442df1aa65a7a1d12123a38c2e4e5de07d99d
SHA256: 460d093a55b930e733c60575f82183cd0edd52ec6b927cdb4a93dc5da7f0ac9c
SHA512: 8e5220635e08dba1f6e286f36aa610b3052eaad9807bb6f8ab3f5a64430bfbcf5f6aa62491868ccd5e1942143c278e4051b14b1be01898c7f60601049cafa129
SSDEEP: 3072:hTPTwLhFrOBsc4VsTKkcU/DNv9O9djB3zNn42SSeAq1ldm:FwLKpKkcUbNv9OPB3zNySeAq1i
Static task: static1
Behavioral task: behavioral1
Sample: 664b1e31dfe2a502e76c1bfe4d4b7593.ps1
Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat | 3LOSH RAT
Config: Default
C2: nulled2nd.camdvr.org:6666
Mutex: AsyncMutex_null
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 664b1e31dfe2a502e76c1bfe4d4b7593.ps1.vir
Size: 212KB
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext