General
Target: t.png.ps1
Size: 256KB
Sample: 230501-j9kdzaeg73
MD5: ec3fb005182c03e31ad5f652fcaf433a
SHA1: 1d1533e4c07dc0f21235e2011f1e99e263aa1114
SHA256: 6e39cc4bf7d911b9b6b47d0ca860df4b405386a8232943cd9e4a7f03d2027c0c
SHA512: 8ce1740ff066dae5edeffd56fe79e597a66ecce8e4fc83563c2e772461a4e5978aa44db531f74fad38db0a1e0aae0d4d9bf53cba3b43daa77f45b43be2e8fb78
SSDEEP: 6144:dhMHd8wF9VtLr3EXGpI5cGIE+QI33INenAZYn+FphxVC4werLfEM2QI6ii4jqJrB:0Ht9VtLr3EXGpI5cGIp3INenAZQ+Fphx
Static task: static1
Behavioral task: behavioral1
Sample: t.png.ps1
Resource: win7-20230220-en
Malware Config
Extracted family: asyncrat
Version string: 3LOSH RAT
Botnet/group: Default
C2: ghoss.freeddns.org:6606
C2: ghoss.freeddns.org:7707
C2: ghoss.freeddns.org:8808
Mutex: AsyncMutex_6SI68OkPnk
delay: 3
install: false
install_folder: %AppData%
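The extracted configuration above is only useful if it is turned into something that can be checked. The following Python is an added example, not part of the Triage report and not code from the sample: it copies the C2 host, ports, mutex and file hashes from this page into a small indicator set, adds a check for the double-extension naming pattern of the target (t.png.ps1), and runs the indicators over a handful of constructed, Sysmon-like `key="value"` log lines. The log format, the log lines and the image paths in them are invented for the demo.

```python
"""Added example: indicator checks built from the AsyncRAT config on this report.
Not Triage's code and not the malware's code; log lines below are constructed."""
import hashlib
import re

# --- indicators copied from the report ---
C2_HOST = "ghoss.freeddns.org"
C2_PORTS = {6606, 7707, 8808}
MUTEX = "AsyncMutex_6SI68OkPnk"
SAMPLE_HASHES = {
    "md5": "ec3fb005182c03e31ad5f652fcaf433a",
    "sha1": "1d1533e4c07dc0f21235e2011f1e99e263aa1114",
    "sha256": "6e39cc4bf7d911b9b6b47d0ca860df4b405386a8232943cd9e4a7f03d2027c0c",
}


def hash_matches(data: bytes) -> dict:
    """Map each algorithm to whether `data` reproduces the report's digest."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in SAMPLE_HASHES.items()}


def is_disguised_script(filename: str) -> bool:
    """True for names like t.png.ps1: a script extension placed after a
    data-file extension so the name reads as an image or document."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    script_exts = {"ps1", "vbs", "js", "bat", "cmd", "hta"}
    decoy_exts = {"png", "jpg", "jpeg", "gif", "pdf", "doc", "docx", "txt"}
    return parts[2] in script_exts and parts[1] in decoy_exts


def parse_event(line: str) -> dict:
    """Parse one constructed key="value" log line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def classify(event: dict):
    """Return the name of the indicator rule an event triggers, or None."""
    kind = event.get("event")
    if kind == "DnsQuery" and event.get("query", "").lower() == C2_HOST:
        return "c2_dns"
    if kind == "NetworkConnect" and event.get("dst", "").lower() == C2_HOST:
        port = event.get("dport", "")
        if port.isdigit() and int(port) in C2_PORTS:
            return "c2_connect"
        # Same host on a port not in the config: still worth a look,
        # since the operator can change ports without changing the DDNS name.
        return "c2_host_other_port"
    if kind == "MutexCreate" and event.get("name") == MUTEX:
        return "mutex"
    return None


def scan_logs(lines):
    """Return [(line_index, rule)] for every line that hits an indicator."""
    hits = []
    for i, line in enumerate(lines):
        rule = classify(parse_event(line))
        if rule:
            hits.append((i, rule))
    return hits


# Constructed sample telemetry (hypothetical format and paths).
PS = 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe'
SAMPLE_LOGS = [
    f'event="NetworkConnect" image="{PS}" dst="ghoss.freeddns.org" dport="6606"',
    'event="NetworkConnect" image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" dst="example.com" dport="443"',
    f'event="DnsQuery" image="{PS}" query="ghoss.freeddns.org"',
    f'event="MutexCreate" image="{PS}" name="AsyncMutex_6SI68OkPnk"',
    f'event="NetworkConnect" image="{PS}" dst="ghoss.freeddns.org" dport="443"',
]

if __name__ == "__main__":
    for idx, rule in scan_logs(SAMPLE_LOGS):
        print(f"line {idx}: {rule}")
    print("disguised name:", is_disguised_script("t.png.ps1"))
```

The mutex name and the DDNS host are the cheapest pivots here: the mutex is fixed in the config and shows up on every infected host, and a dynamic-DNS name can move between IPs, so match on the name rather than on whatever address it resolved to in the sandbox.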
Targets
Target: t.png.ps1 (256KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above)
Signatures
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Drops file in System32 directory
Suspicious use of SetThreadContext (a common step in process hollowing: a suspended process has its thread context rewritten to run injected code)