General

  • Target

    i.png.ps1

  • Size

    220KB

  • Sample

    230425-hdhd3aag5w

  • MD5

    15e5836259cb6f82595c9dee03914e12

  • SHA1

    9d1747260f60f3dd615b3fedf3f82f6bab6e46a8

  • SHA256

    cd635790fc3913e2133384ead8cd99fa23e22752d24614b2eab2d8e270ea8aa7

  • SHA512

    5daa613c2c5e84159beaccad2742d05aaf392e7680bc291319f8bb75f71ee8d9bdaf65d696bc2ee4136549dd1135daa801ce0db4b24a0f3228e37f701c55a70e

  • SSDEEP

    1536:WeMD10HxuHY05UIy4rpmLoKZqcxU7SHzqQHw7rRim3ve0pAGFBQDVWQIy9qzRZoe:Nk0t0iInKWQIySpfQNnDYjb31543Apd

Score
10/10

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    | Edit 3LOSH RAT

  • Botnet

    Default

  • C2

    45.80.158.237:5558

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
