General
Target: Microsoft.ps1
Size: 218KB
Sample: 230403-mmn1esff2v
MD5: ca38aaf8ede575784e240b6f2ea5c948
SHA1: 77aac617067526993329f6dcb76446f62b658f06
SHA256: 8501de3d3e0cb356f11439fc0425a60e8aefd8c24ed7015fffff4334d63e962b
SHA512: eb0e4a0e5f62f990fe1708967dd54f76ab72088c2b79786af21f80a195884612e5aed391c99541d5895101345051b7806ccc05ed991e4128b5d42d03b011e0e8
SSDEEP: 3072:QTPTwLhFrOBsc4VsTKkcU/DNv9O9dDp5+NYuK5sj315j3Apx:kwLKpKkcUbNv9OPpYNYuKq315j3Apx
Static task: static1
Behavioral task: behavioral1
Sample: Microsoft.ps1
Resource: win7-20230220-en
Malware Config
Extracted: asyncrat
3LOSH RAT
US
185.81.157.209:2301
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Microsoft.ps1
Size: 218KB
MD5: ca38aaf8ede575784e240b6f2ea5c948
SHA1: 77aac617067526993329f6dcb76446f62b658f06
SHA256: 8501de3d3e0cb356f11439fc0425a60e8aefd8c24ed7015fffff4334d63e962b
SHA512: eb0e4a0e5f62f990fe1708967dd54f76ab72088c2b79786af21f80a195884612e5aed391c99541d5895101345051b7806ccc05ed991e4128b5d42d03b011e0e8
SSDEEP: 3072:QTPTwLhFrOBsc4VsTKkcU/DNv9O9dDp5+NYuK5sj315j3Apx:kwLKpKkcUbNv9OPpYNYuKq315j3Apx
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext