General
Target: Adoc-PDFPasswordedaround_V16AEYj.wsf
Size: 198KB
Sample: 230606-rqjx4aef7w
MD5: 238ead4420470bac07e1f77e789af46b
SHA1: ed5a3f475ff87fa5ebc994404c83b8d8afea1aec
SHA256: 0024eeff7a3739674fa0c70d7ede07f8b763a795fe05e3908e058cb1d10ac2c3
SHA512: 55326e40fca8c6908b9d939bb628a065e615a490cfc6491e511c797e1f350ddfecc55df0cac6d60d9812aaa1d70c7965444437145dc7d0a3d0855c056a264bbc
SSDEEP: 384:13XU3XU3XU3XU3XU3XU3XU3XU3XU3XU3XU3Xcp3XU3XU3XU3XU3XU3XU3XU3XU3o:y
Static task: static1
Behavioral task: behavioral1
Sample: Adoc-PDFPasswordedaround_V16AEYj.wsf
Resource: win7-20230220-en
Malware Config
Extracted: asyncrat
Botnet: 3LOSH RAT
Config: Default
C2: 195.178.120.137:4001
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Adoc-PDFPasswordedaround_V16AEYj.wsf
Size: 198KB
MD5: 238ead4420470bac07e1f77e789af46b
SHA1: ed5a3f475ff87fa5ebc994404c83b8d8afea1aec
SHA256: 0024eeff7a3739674fa0c70d7ede07f8b763a795fe05e3908e058cb1d10ac2c3
SHA512: 55326e40fca8c6908b9d939bb628a065e615a490cfc6491e511c797e1f350ddfecc55df0cac6d60d9812aaa1d70c7965444437145dc7d0a3d0855c056a264bbc
SSDEEP: 384:13XU3XU3XU3XU3XU3XU3XU3XU3XU3XU3XU3Xcp3XU3XU3XU3XU3XU3XU3XU3XU3o:y
Signatures
Async RAT payload
Blocklisted process makes network request
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext