General
Target: 8x.ps1
Size: 424KB
Sample: 231116-znpdssgf4z
MD5: a4f5f2b9250e61e89e53a30f976a4823
SHA1: 8f5bcdfdc3b3b7081d03e60b8af2b377273fe2fb
SHA256: 0979a391997dc0b6bdf23949b5f99ea2ef1cf51287c63b7332bbd498e5cf9514
SHA512: 9955f9951e1eb74287a69bc9a2fac68ac2f3d4e96e3f12ec238090a7a7044771f20628d02d2562319e22f537e98ff7196d56d2f74c6a7af7b2276a0e23cf2e33
SSDEEP: 3072:YLxEUM7rH9yLY9K9J7xV1G+uadUEAGnTBdjaATUfWwLC5ImBK5W9Fp81fABAUves:YLxEUM7rH9yLY9K9ZTUOwqYyfbZ
Static task: static1
Behavioral task: behavioral1 (Sample: 8x.ps1, Resource: win7-20231023-en)
Behavioral task: behavioral2 (Sample: 8x.ps1, Resource: win10-20231023-en)
Malware Config
Extracted: asyncrat | 3LOSH RAT
Sended@
hexrxr.duckdns.org:6606
hexrxr.duckdns.org:7707
hexrxr.duckdns.org:8808
AsyncMutex_85&$nkeo4%hifbe
delay: 3
install: false
install_folder: %AppData%
Targets
- Detect ZGRat V1
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext