General

  • Target

    t.png.ps1

  • Size

    256KB

  • Sample

    230501-j9kdzaeg73

  • MD5

    ec3fb005182c03e31ad5f652fcaf433a

  • SHA1

    1d1533e4c07dc0f21235e2011f1e99e263aa1114

  • SHA256

    6e39cc4bf7d911b9b6b47d0ca860df4b405386a8232943cd9e4a7f03d2027c0c

  • SHA512

    8ce1740ff066dae5edeffd56fe79e597a66ecce8e4fc83563c2e772461a4e5978aa44db531f74fad38db0a1e0aae0d4d9bf53cba3b43daa77f45b43be2e8fb78

  • SSDEEP

    6144:dhMHd8wF9VtLr3EXGpI5cGIE+QI33INenAZYn+FphxVC4werLfEM2QI6ii4jqJrB:0Ht9VtLr3EXGpI5cGIp3INenAZQ+Fphx

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

ghoss.freeddns.org:6606

ghoss.freeddns.org:7707

ghoss.freeddns.org:8808

Mutex

AsyncMutex_6SI68OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      t.png.ps1

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks