General
-
Target
i.png.ps1
-
Size
220KB
-
Sample
230425-hdhd3aag5w
-
MD5
15e5836259cb6f82595c9dee03914e12
-
SHA1
9d1747260f60f3dd615b3fedf3f82f6bab6e46a8
-
SHA256
cd635790fc3913e2133384ead8cd99fa23e22752d24614b2eab2d8e270ea8aa7
-
SHA512
5daa613c2c5e84159beaccad2742d05aaf392e7680bc291319f8bb75f71ee8d9bdaf65d696bc2ee4136549dd1135daa801ce0db4b24a0f3228e37f701c55a70e
-
SSDEEP
1536:WeMD10HxuHY05UIy4rpmLoKZqcxU7SHzqQHw7rRim3ve0pAGFBQDVWQIy9qzRZoe:Nk0t0iInKWQIySpfQNnDYjb31543Apd
Static task
static1
Behavioral task
behavioral1
Sample
i.png.ps1
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
Default
45.80.158.237:5558
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
i.png.ps1
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-