General
Target: cc789c2b418cf62305d9e1bdb159f4ae.bin
Size: 86KB
Sample: 230426-b6bcwsgc3y
MD5: 94e61e71a71d6a431807b2555ce79eac
SHA1: a161e9f68b7a71b63b1a1d3841ca98a96e3a3364
SHA256: 07099c9e6fd300dcf827e4a525dd8520e1ee30c0e1197933c8b3f1f895b734cd
SHA512: c60ec4da3491206c5e4f3f5ec4952607254803c9d19aed5289267c4d2907ab88d6d86d8c4db02c441a95aa077924e1aa07d4eabf334831d76c01dc410060c666
SSDEEP: 1536:VjsYfK9zLSfpO24nqFqPO0eJza9ZfQ28fdKS4wiA2tZX/ClAtVi6UsJw8WJfZCMu:V7bc2yqFu9tQ281KSqdKU1/w8WllKT
Static task: static1
Behavioral task: behavioral1
Sample: 295f4242ed4bebbbc2d8f1e602a9bb4c66a987d7c6e6522590327da91fc40279.ps1
Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat (3LOSH RAT)
Default
C2: josemonila.ddnsfree.com:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 295f4242ed4bebbbc2d8f1e602a9bb4c66a987d7c6e6522590327da91fc40279.unknown
Size: 256KB
MD5: cc789c2b418cf62305d9e1bdb159f4ae
SHA1: 3ad16d9551ca902e101bfecec4eb9e37a0574e2f
SHA256: 295f4242ed4bebbbc2d8f1e602a9bb4c66a987d7c6e6522590327da91fc40279
SHA512: 609c93e76206935e5867ebdcc16fc8555aac7c51851b592ed39ebf748809693a73e6cb2d5b49a3704a783d10240f44186f8113191f2fd1e0a6db778e8cc3a6d1
SSDEEP: 6144:dhMHd8wF9VtLr3EXGpI5cGIE+QIzX6j7PyHl315h3Apw:0Ht9VtLr3EXGpI5cGIhXy7qn
Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext