Analysis tasks (score, sample, platform):
- 1, DNTTJVXKZL...QE.bat, windows7-x64
- 7, DNTTJVXKZL...QE.bat, windows10-2004-x64
- 7, DNTTJVXKZL...QE.ps1, windows7-x64
- 1, DNTTJVXKZL...QE.ps1, windows10-2004-x64
- 1, DNTTJVXKZL...QE.vbs, windows7-x64
- 10, DNTTJVXKZL...QE.vbs, windows10-2004-x64
- 10, FFBLHLNEHN...AY.ps1, windows7-x64
- 1, FFBLHLNEHN...AY.ps1, windows10-2004-x64
General
- Score: 10/10
- Target: File.zip
- Size: 244KB
- Sample: 231206-k7m8hsdc25
- MD5: dcefc2402eaf43b7022fc871ac9d876a
- SHA1: 4584a21898055e7f43d3878aa78fca142bfb26da
- SHA256: 57644f7c11a9800bc862bbcdf1709c65894307f050ffe1d7f8e854d783628c43
- SHA512: adaeb63586ba6606740103fbd1e8eefe004d1381bbe691e1abdbe4a6090e0df3146691f90f2fd15abc59c10ea87042eea385dd610e96c3e62fb6bf35b25523a5
- SSDEEP: 6144:DTNPnfkGrPi24mJsqRAH0L/IL35lmA8A0FoVH7Yj8X9eSuEAfKIDe:FPfnji2TJsqrI3PmtA0FoVH7YAeS3Y2
Tasks
- Static task static1
- Behavioral task behavioral1: DNTTJVXKZLJCCXFODKZSQE.bat (resource win7-20231020-en)
- Behavioral task behavioral2: DNTTJVXKZLJCCXFODKZSQE.bat (resource win10v2004-20231130-en)
- Behavioral task behavioral3: DNTTJVXKZLJCCXFODKZSQE.ps1 (resource win7-20231129-en)
- Behavioral task behavioral4: DNTTJVXKZLJCCXFODKZSQE.ps1 (resource win10v2004-20231127-en)
- Behavioral task behavioral5: DNTTJVXKZLJCCXFODKZSQE.vbs (resource win7-20231023-en)
- Behavioral task behavioral6: DNTTJVXKZLJCCXFODKZSQE.vbs (resource win10v2004-20231130-en)
- Behavioral task behavioral7: FFBLHLNEHNCWJTCUUBSRAY.ps1 (resource win7-20231201-en)
Malware Config
Extracted: asyncrat
- | Cracked Jokamer & Jok7oda
- 1st
- cryptojoke.con-ip.com:4444
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets

Target: DNTTJVXKZLJCCXFODKZSQE.bat
- Size: 642B
- MD5: 908fa5903600411bd9d1a4d1a31f21d9
- SHA1: 27cebf3de5af7e5df34517e1ea99fb39f0482d60
- SHA256: 3323f1d80a4bd01c95344439789b08b913eb16c5c5747471f84b57ce091a929a
- SHA512: fd7d4d1d5da68767d954cd1b5bf502df89f869a63972ad32ec643f25f28e324803269d612bc33fc705e82637bf2fcfceaac71684d5369669a227fb7cd4cd00a0
- Score: 7/10
- Signatures:
  - Registers COM server for autorun
Target: DNTTJVXKZLJCCXFODKZSQE.ps1
- Size: 3KB
- MD5: e051694e565da8588b13991238e33a99
- SHA1: 58d95f665138830d3a9eb4486a7c68ee09aa5ae3
- SHA256: b62afb5df50db05a0c7745c977c30edcda0eb6ef69244101958c93438128b913
- SHA512: df1d5a40870660517e0f277e9e3df30051394bb39a39d2ee9ff3dfe36842d943df949539d958e76d848f251fabb3102a9d5ce95d944716f67ff9bebe423e1b68
- Score: 1/10
- Signatures: none
Target: DNTTJVXKZLJCCXFODKZSQE.vbs
- Size: 1KB
- MD5: 6ee90b3ed21b56b06f723c0c0cd7e314
- SHA1: 07aa736da386b2c0e10e6391be422026ccc1757f
- SHA256: 3259db8c427af2468418420eb5d42102dae8d422b370ebef742da144a01310e2
- SHA512: 92f4b866c25176b502fac7d572d1cd48bfe801fce6efd2e2f3d7846229407efa0ed3a697b8825659e3e17fda73d5cf02114920cafa9399b0ac8e79087b15a3b1
- Score: 10/10
- Signatures:
  - Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
  - Drops file in System32 directory
Target: FFBLHLNEHNCWJTCUUBSRAY.ps1
- Size: 668KB
- MD5: c272efe749093b19bdcbdc6feecfe88c
- SHA1: 7f199099be439dd71caf4aad8cc01ec1cf73aa3c
- SHA256: 1e7ca2a3abd1a747acfaef416b940c59a5854da057498bf3ae41b31e896b6642
- SHA512: 9d4a0817c3ba4aec2e39c0763fcf69d54d59f7405e5519b4034ac80ec6e630baa954718c582f8a2be71a902cc78de7c447308720ef8fe64c821a23efd5d2772c
- SSDEEP: 1536:gAWW+4VTv5WUr5pDGo3nWmTLbdshmPzkromACMyZCh6Tpdf9vWqDrh0uwqwT35Sk:B
- Signatures:
  - Async RAT payload
  - Suspicious use of SetThreadContext