General
- Target: 077977e4f303e6bd85e495d1161aa037.bin
- Size: 60KB
- Sample: 230426-bcwfzaga4x
- MD5: d000670f6098de8363e42829c8691118
- SHA1: af23ed33474a50052fd575f1ef753d59e27c2ad2
- SHA256: 212ec11d69c0c0c9e97f5cc50ebce68475140b9fd85c322998a8c198ab9d4ebf
- SHA512: 8bbba1a3c37cc6d50f7bb1d29ad737f6b4df87de82e35255a0dbcd2f37bd8525d1c5aeaf95b49bf4620562c727d4bedf71d4e854ff9b3201506922ce7d6ed461
- SSDEEP: 768:09f4AiWtCalVPoMz/0FEn68bYyK08U499xPSqFsCXSYhdckgJZ98Ca4ZmvRE8hD7:0loQ+g+iVK0AjPhBXybZ913mJEc/7j

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 10882cb1fc5cfdf37b2bb6ea6ea9189f39ae8f0889eac96866cb72e3ea4e4b3c.ps1
- Resource: win7-20230220-en

Malware Config
- Extracted: asyncrat (3LOSH RAT)
- Default:
  - 195.178.120.137:4001
  - AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%

Targets
- Target: 10882cb1fc5cfdf37b2bb6ea6ea9189f39ae8f0889eac96866cb72e3ea4e4b3c.unknown
- Size: 226KB
- MD5: 077977e4f303e6bd85e495d1161aa037
- SHA1: 5dcebf0ed722733446426b0146e64259dce54097
- SHA256: 10882cb1fc5cfdf37b2bb6ea6ea9189f39ae8f0889eac96866cb72e3ea4e4b3c
- SHA512: 5fbdcfd9fe65fe27def2f3565162fc530bb15ad44d8a3454babf40f5a3540d1bdd62aed0c21b28c5acd43907266b36278b76532273a8180e336622cf2899a4f3
- SSDEEP: 3072:Vk0t0iInKWQIy/pfnO5jEeu4BR315a3Aph:Vk0t0ZnKWQI8pvO5Aeu4H315a3Aph

Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext