General
Target: huh.wsf
Size: 78KB
Sample: 231012-k8bk4scd79
MD5: 3afe73cfaffd88fe0f1deb6a8a2c133a
SHA1: eb6bdbe0f846465c3ca1da7fb0828f67fde33c45
SHA256: 43f0058eddf17e193f8168c7800dbe5754ec2a5b0f505fccca161895a850e56c
SHA512: f16d295d84b4c2cd1b26f1e3c5b84153ac202849bc25f56f955a914665bf7baabcd6ef4b5a7118c6ea3356443e8d5f4d55a19483f542624a25f91504b73f1c85
SSDEEP: 1536:DGJGJ1GJ1GJ1GJIGJ11GJGJ1GJSGJGJ1GJ1GJ1GJoaWEGJGJ1GJ1GJ1GJlGJGJ1t:DGJGJ1GJ1GJ1GJIGJ11GJGJ1GJSGJGJ1
Note on the fuzzy hash: both chunk hashes are dominated by the same repeating GJGJ1GJ1 pattern, which means most of the 78KB file is repeated filler and the working script body is likely a small fraction of it. A fuzzy-hash match against this value will therefore mostly reflect the padding, so do not rely on SSDEEP alone to cluster related droppers; pivot on the extracted C2 hosts and mutex instead.
Static task: static1
Behavioral task: behavioral1
Sample: huh.wsf
Resource: win7-20230831-en (sandbox image used for the behavioral run)
Malware Config
Extracted
Family: asyncrat
Version: 2022 | Edit 3LOSH RAT
Botnet: DRAX
C2:
itskmc.run.place:6606
itskmc.run.place:7707
itskmc.run.place:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Note: the three C2 entries share one host and differ only by port, so a hostname or DNS block covers all of them. install is false, so the install_folder value is not used by this build; do not expect a persisted copy of the RAT under %AppData%, and look instead for the script host running the payload in memory. The delay of 3 is the pause, in seconds, before the first beacon.
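The extracted config is more useful as detections than as a listing. The Python below is an added example, not part of the sandbox report and not the sandbox's own extractor: it parses the config values listed above into a structure, then runs them over telemetry records. The event records, their field names and their timestamps are constructed for illustration.

```python
"""Indicator extraction and matching for the AsyncRAT config in this report.

Added example; not part of the sandbox report and not the sandbox's own
extractor. Config values come from the report; events are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Config values as the report lists them: family, version, botnet, then
# C2 host:port entries, the mutex, and "key value" attributes.
REPORT_CONFIG = """\
asyncrat
2022 | Edit 3LOSH RAT
DRAX
itskmc.run.place:6606
itskmc.run.place:7707
itskmc.run.place:8808
AsyncMutex_6SI8OkPnk
delay 3
install false
install_folder %AppData%
"""

C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")
MUTEX_RE = re.compile(r"^AsyncMutex_\w+$")
ATTR_RE = re.compile(r"^(?P<key>[a-z_]+)\s+(?P<value>\S.*)$")


@dataclass
class AsyncRatConfig:
    family: str
    version: str
    botnet: str
    c2: list[tuple[str, int]] = field(default_factory=list)
    mutex: str = ""
    attributes: dict[str, str] = field(default_factory=dict)

    @property
    def hosts(self) -> list[str]:
        return sorted({h for h, _ in self.c2})

    @property
    def ports(self) -> list[int]:
        return sorted({p for _, p in self.c2})

    @property
    def installs(self) -> bool:
        # AsyncRAT only copies itself into install_folder when install is true.
        return self.attributes.get("install", "false").lower() == "true"


def parse_config(text: str) -> AsyncRatConfig:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("expected family, version and botnet lines")
    cfg = AsyncRatConfig(family=lines[0], version=lines[1], botnet=lines[2])
    for line in lines[3:]:
        if m := C2_RE.match(line):
            port = int(m["port"])
            if not 0 < port < 65536:
                raise ValueError(f"port out of range in {line!r}")
            cfg.c2.append((m["host"].lower(), port))  # normalise host case
        elif MUTEX_RE.match(line):
            cfg.mutex = line
        elif m := ATTR_RE.match(line):
            cfg.attributes[m["key"]] = m["value"]
        else:
            raise ValueError(f"unrecognised config line {line!r}")
    if not cfg.c2:
        raise ValueError("no C2 entries found")
    return cfg


def match_network(cfg: AsyncRatConfig, events: list[dict]) -> list[tuple]:
    # Exact host:port is high confidence; the same host on another port is
    # still reported as medium, since operators rotate ports more than hosts.
    hits = []
    for ev in events:
        host = ev.get("dest_host", "").lower()
        port = ev.get("dest_port")
        if host in cfg.hosts:
            confidence = "high" if (host, port) in cfg.c2 else "medium"
            hits.append((ev["ts"], ev["image"], host, port, confidence))
    return hits


def match_mutex(cfg: AsyncRatConfig, events: list[dict]) -> list[str]:
    # Timestamps of events that created the configured mutex.
    return [ev["ts"] for ev in events if ev.get("mutex") == cfg.mutex]


# Constructed telemetry (not from the report): two script-host connections,
# one benign browser connection and one mutex creation.
SAMPLE_EVENTS = [
    {"ts": "12:01:00", "image": "wscript.exe", "dest_host": "itskmc.run.place", "dest_port": 6606},
    {"ts": "12:01:03", "image": "wscript.exe", "dest_host": "ITSKMC.run.place", "dest_port": 9909},
    {"ts": "12:01:05", "image": "chrome.exe", "dest_host": "www.example.com", "dest_port": 443},
    {"ts": "12:01:06", "image": "wscript.exe", "mutex": "AsyncMutex_6SI8OkPnk"},
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print("C2 hosts:", cfg.hosts, "ports:", cfg.ports, "persists:", cfg.installs)
    for hit in match_network(cfg, SAMPLE_EVENTS):
        print("network hit:", hit)
    print("mutex hits:", match_mutex(cfg, SAMPLE_EVENTS))
```

The parser rejects lines it does not recognise rather than skipping them, so a config dump with a new field fails loudly instead of silently dropping an indicator. Matching on the host alone (medium confidence) is deliberate: the three report entries already show one host across three ports.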
Targets
Target: huh.wsf
Size: 78KB
MD5: 3afe73cfaffd88fe0f1deb6a8a2c133a
SHA1: eb6bdbe0f846465c3ca1da7fb0828f67fde33c45
SHA256: 43f0058eddf17e193f8168c7800dbe5754ec2a5b0f505fccca161895a850e56c
SHA512: f16d295d84b4c2cd1b26f1e3c5b84153ac202849bc25f56f955a914665bf7baabcd6ef4b5a7118c6ea3356443e8d5f4d55a19483f542624a25f91504b73f1c85
SSDEEP: 1536:DGJGJ1GJ1GJ1GJIGJ11GJGJ1GJSGJGJ1GJ1GJ1GJoaWEGJGJ1GJ1GJ1GJlGJGJ1t:DGJGJ1GJ1GJ1GJIGJ11GJGJ1GJSGJGJ1
Signatures triggered for this target:
- Async RAT payload
- Blocklisted process makes network request (for a .wsf sample this is typically the Windows Script Host, wscript.exe or cscript.exe, connecting to the C2 host listed in the extracted config; a script host making outbound connections is itself a strong hunting signal)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. If the sandbox locale did not match the operator's target region, later stages may not have executed, so a clean second-stage trace does not prove there is none.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: this API is commonly used for process hollowing, where the RAT body is written into a suspended host process and its thread context is redirected to the injected code before the thread is resumed; when triaging, check which child process the script host spawned and whether its image on disk matches what is mapped in memory.