General
Target: ef4167fa576c497ae8d67f21426cc907.bin
Size: 60KB
Sample: 230426-b9vkyaed22
MD5: 3e540e85278b82ffac026d5cb26f2664
SHA1: df56d178b0dbd50da9cf9894a2a99f5901c52591
SHA256: 43b8031b5e4f9c2184fe64594ec1e53794d51fe49e9edd13b785512160fff3de
SHA512: 7c5b1cee14aeb394266f067f00a40a0ae18f273726fb52edd98653421ce41dbc22cfca5cd4a678099090f3f4694ecdf655fe93eaaa0a07c4e948edb9b522e153
SSDEEP: 1536:EhiFeNxCtqxy29KnoUnpG94/a7KcQSBNIHEl6ncQdvXJUmeA:EYeNxCmQ3pGMOIHjcQdCA
Static task: static1
Behavioral task: behavioral1
Sample: 921b4f6811d98c61b29a90639c2cf9dde8194bbf0c4ffac7eab55a2fc598bdcd.ps1
Resource: win7-20230220-en
Malware Config
Extracted: asyncrat
3LOSH RAT
Default
bahrdevo.endoftheinternet.org:6606
bahrdevo.endoftheinternet.org:7707
bahrdevo.endoftheinternet.org:8808
AsyncMutex_gekPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 921b4f6811d98c61b29a90639c2cf9dde8194bbf0c4ffac7eab55a2fc598bdcd.unknown
Size: 226KB
MD5: ef4167fa576c497ae8d67f21426cc907
SHA1: 8c2fcf767b315632616717cbce801bccb3958f7b
SHA256: 921b4f6811d98c61b29a90639c2cf9dde8194bbf0c4ffac7eab55a2fc598bdcd
SHA512: 20c51b4ca12c5548b7d7d4b33afe7ceaa299de45b2579bf5cd36decfb1375538a014afc10ebe8a7580ea8885ebdc8c3619a4ade260ff9d840d8a8665adbd6c97
SSDEEP: 6144:gk0t0ZnKWQIixAxI0M6yPQ7FuiIpUCLR7mzCl6Vhp315D3Ap+:gk0t0ZOxAxI0MfPQ7FuiIpUCLR7mzClw

Async RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory
Suspicious use of SetThreadContext