General
Target: rNewOrder.bat.exe
Size: 679KB
Sample: 240216-p3gmdsbc3t
MD5: 170ed51ddb22cd75bf0fa4fa2a1bb6c4
SHA1: 2e74fd6be27a77a883208db0d09524f15dfa7d00
SHA256: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d
SHA512: ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865
SSDEEP: 12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8
Static task: static1
Behavioral task: behavioral1
Sample: rNewOrder.bat.exe
Resource: win7-20231215-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
2024
rat.loseyourip.com:6606
rat.loseyourip.com:7707
rat.loseyourip.com:8808
Async_2024
delay: 3
install: true
install_file: csrss.exe
install_folder: %Temp%
Targets
Target: rNewOrder.bat.exe
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext