General

  • Target

    t.png.ps1

  • Size

    226KB

  • Sample

    230501-j9j37seg72

  • MD5

    2e5964cc837e99181da8fbb1a72459f4

  • SHA1

    554eccb95fd042e7b59ae59009e66c02d40bc606

  • SHA256

    bf2d33230f6da074a70938e96042a56f340d26b34511ddd254e10a0293f746b6

  • SHA512

    5f5a3b257260f752ce6b4be76df05784778bc1173f58bf540e05533ef2258fb57163089636fb8f9e46b0ab5e1677b049b8b75fa7622165d3ed2154e3230bee5c

  • SSDEEP

    1536:eeMD10HxuHY05UIy4rpmLoKZqcxU7SHzqQHw7rRim3ve0pAGFBQDVWQIypscdLNk:1k0t0iInKWQIyj37vB1rsz131513ApG

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

alertgeeks.ddnsfree.com:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
