General
Target: 2db3713a8df0569d1108106045553d72.bin
Size: 55KB
Sample: 230426-bgp5raga6v
MD5: 7bd62d79ddea99ccf9f864d7ce562ded
SHA1: 160a227be3d26195cc15ff66f68a020b876f7cd5
SHA256: 184fc21aaf483c7233986eb9ed04b2ac296a2e7e42d5217db5bdb501917ed694
SHA512: dc875af283a269814b22c0fd6a9537f05605c21c9481d4b4e7610e6eeda3a1d59d4c61dc52f4a09113332dd815634422e5d13ff72def9efbcb1f71f4569074d7
SSDEEP: 1536:QfUS9PqJLEdNNcxo/gvQhZ3UEzxJ7UYFngqpi:QMS9ypUsdG7Lmei

Static task: static1
Behavioral task: behavioral1
Sample: d05e72b5d5ee62a18b8c24b92309a2bdabd8149499845a0418fa226da367a62f.ps1
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
3LOSH RAT
Default
185.241.208.97:5505
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: d05e72b5d5ee62a18b8c24b92309a2bdabd8149499845a0418fa226da367a62f.unknown
Size: 211KB
MD5: 2db3713a8df0569d1108106045553d72
SHA1: 013ec89c7c225bec44d18840a8ca53c0907d6108
SHA256: d05e72b5d5ee62a18b8c24b92309a2bdabd8149499845a0418fa226da367a62f
SHA512: ac53ed5c8f52c4b7d1c1a5b1f1bc2e8b540f63251d89493410faeeec865684473a6090928c4201183ba816a441ba4309b2019a9ef8552ac6ada85d56b03b78a7
SSDEEP: 6144:gk0t0ZnKWQIypMjiBBBBBBBBBr2BBeFBBtgBBRfZGjowmGcAe3Apj:gk0t0ZdjiBBBBBBBBBr2BBeFBBtgBBq

Async RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory
Suspicious use of SetThreadContext