General
-
Target
Information About Current Social Security Benefits Your Statement Benefit ID#260_XXX_A0008731.JS.js
-
Size
31KB
-
Sample
230508-qdr79sce7w
-
MD5
2a634644d7c354641e8669dc224efa6e
-
SHA1
f3846d63fcf5dfbaaa61351c23fa352f44a07ac6
-
SHA256
a779a194e7901ef59d91eef611fb4973560b399dfe4df6b6e64f07fd254d271a
-
SHA512
18ba9370cf1f336afacc13cdd8129236b45ffd16f8b3d017602b9130291a89f9cdb9ccb60394cbb668b12f4ec9dfb33f1b8a917efc3baaed30b113852a9c5936
-
SSDEEP
768:sggggggggggg8ggggggggggg5GgggggggggggygggggggggggzDgggggggggggkb:sggggggggggg8gggggggggggoggggggk
Static task
static1
Behavioral task
behavioral1
Sample
Information About Current Social Security Benefits Your Statement Benefit ID#260_XXX_A0008731.JS.js
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
194.87.151.125:7399
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Information About Current Social Security Benefits Your Statement Benefit ID#260_XXX_A0008731.JS.js
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-