General
Target: fb3c7a8f-e0ee-474d-918c-a9df0bbfe45c.js
Size: 7KB
Sample: 231207-jff5fshhcq
MD5: b2195fa1ea604007f7a3664e0e49f591
SHA1: 915985302f8fb7f37d07d22a8ec5cb5e8005fb47
SHA256: 8550509a02f745f281a2a87c1f336b0fca32bd51c1074b281e5772e5c8a6ff60
SHA512: 478d9dcd9391a2e224bd291325dde58883d197d4cec1d989a3f054363dc03e19075e174058db828fbfc668cb76e2cd2b73782bbad3cd6a582383a62d37a8b977
SSDEEP: 96:xBdMQYYVlVS+RwbkiEi3gkFmRePXywbkOEi3ckFmRePXuUxBbLDIX3FU3i:qQYYXVS+R9SgbEPihScbEP+cBb+3FGi
Static task: static1
Behavioral task: behavioral1
Sample: fb3c7a8f-e0ee-474d-918c-a9df0bbfe45c.js
Resource: win7-20231023-en
Malware Config
Extracted: http://23.145.120.49:249/js.jpg
Extracted: https://nodejs.org/download/release/v6.17.1/win-x64/node.exe
Extracted: asyncrat
AWS | 3Losh
Js
wpmediatech.com:6606
wpmediatech.com:7707
wpmediatech.com:8808
AsyncMutex_aloshx
delay: 3
install: false
install_folder: %AppData%
Targets
Target: fb3c7a8f-e0ee-474d-918c-a9df0bbfe45c.js (same file and hashes as listed under General)
- Detect ZGRat V1
- Async RAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext