General
- Target: cc789c2b418cf62305d9e1bdb159f4ae.ps1
- Size: 256KB
- Sample: 230425-dd4j3shh4v
- MD5: cc789c2b418cf62305d9e1bdb159f4ae
- SHA1: 3ad16d9551ca902e101bfecec4eb9e37a0574e2f
- SHA256: 295f4242ed4bebbbc2d8f1e602a9bb4c66a987d7c6e6522590327da91fc40279
- SHA512: 609c93e76206935e5867ebdcc16fc8555aac7c51851b592ed39ebf748809693a73e6cb2d5b49a3704a783d10240f44186f8113191f2fd1e0a6db778e8cc3a6d1
- SSDEEP: 6144:dhMHd8wF9VtLr3EXGpI5cGIE+QIzX6j7PyHl315h3Apw:0Ht9VtLr3EXGpI5cGIhXy7qn
Static task: static1
Behavioral task: behavioral1
- Sample: cc789c2b418cf62305d9e1bdb159f4ae.ps1
- Resource: win7-20230220-en
Malware Config
Extracted: asyncrat (3LOSH RAT)
- Default
- josemonila.ddnsfree.com:8808
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: cc789c2b418cf62305d9e1bdb159f4ae.ps1
- Size: 256KB
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext