General
  Target:  1001e8004955273ef0b530f0f3598230.bin
  Size:    64KB
  Sample:  230601-bc7h8sbg88
  MD5:     3cd81ee3f9c7b01c16b6fca961323ef8
  SHA1:    d08c5dbf836bf36f704623c3b97c5e839f6a4f9e
  SHA256:  15791d65829ba4c6ef16731ce8b9f38035f6138acc584701285ee43b261b56b5
  SHA512:  337ab0e8718c64ffa1e1f547da2de0b86c74a309ea1c053acd602c3fb937dab022f2ee2a5cb290d80144b464a01a91b7427011ceb44889f4600790041feeadb6
  SSDEEP:  1536:k/q4J18BHH0VGtJWscpF2cPmO3kds19ItdgJQRqqNZplH:eq4J1sUGfWNpF2qmOUvdgo9

Tasks
  Static task:      static1
  Behavioral task:  behavioral1
    Sample:    d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef.ps1
    Resource:  win7-20230220-en

Malware Config
  Extracted: asyncrat (3LOSH RAT)
    Default
    josemonila.ddnsfree.com:8808
    AsyncMutex_6SI8OkPnk
    delay:           3
    install:         false
    install_folder:  %AppData%

Targets
  Target:  d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef.unknown
  Size:    234KB
  MD5:     1001e8004955273ef0b530f0f3598230
  SHA1:    6970e6cd0ab07c90cf2024bbe0e25292e78f7740
  SHA256:  d41166f1c8bbd3c6bbac0f5c96c4dc867d501c3ce5aeb056686ffa28652facef
  SHA512:  b1151c858274bcaba6d48ea71851d2a088d2b7758e1e7e85a45a011702d7cc59afec75a641474aad6c61f0194c2c7362ef577c49fe30d731591a24e6bf0587b7
  SSDEEP:  3072:usF+Uv1vZCUC+QIiX6Sy7PyHcts315h3ApS5C:zFu+QIiX6j7PyHl315h3Apv

  Signatures
    Async RAT payload
    Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    Suspicious use of SetThreadContext