General
Target: Script.ps1
Size: 3.0MB
Sample: 240117-p126bafchj
MD5: 6349f57269dc13dc24801eef0a8c7471
SHA1: 1aaf1d378ae017eb4ef0acd99785045b87acea2e
SHA256: 47934d16bb9eb03d83a175dd6c8f81daa0f88b49400c3145582e78ed2e0ffdb9
SHA512: a8ef89eeed30f935268288bf10aad19c1c26469d1aaa2046e75853d8e377cacd39d7e006b42b845edb0d33478089540352a1336497d5cac85bbe1140123c4f14
SSDEEP: 49152:oOoGplknzGGYIRIAlyOoTjm3OlZ8DYPpOm:
Static task: static1
Behavioral task: behavioral1
Sample: Script.ps1
Resource: win7-20231215-en
Malware Config
Extracted: asyncrat
Venom Pwn3rzs' Edtition v6.0.1
Default
194.33.191.245:2405
ucglovygcuqcsabs
delay: 1
install: false
install_folder: %AppData%
Targets
Target: Script.ps1
Size: 3.0MB
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.