General

  • Target

    getmyfirstone.ps1

  • Size

    563KB

  • Sample

    240313-1azhaabe78

  • MD5

    c7a48741b57cfb00da654804801840bd

  • SHA1

    ea6373dcdf09db29b5e740990f77a47507b47571

  • SHA256

    e9dbe17727323427dd4889016fe1cc882aeb087e94ff043d819e7eca567d0aac

  • SHA512

    050b0f392cdbcbe4c4922fbe45e212eb07823d83ae81501ebc77e5ffe9b4a38efb60c3231ca81a5d2169e8e212d3ad375ec0b76f564621b770141fa67b82a186

  • SSDEEP

    6144:XTDEaWyxWqyGSbdJIbhhxUQBcFr2JHe57Dyoyz/CspqV7NapPaZo0CtGBod/wN0r:XTDEarxWqyi

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    AWS | 3Losh

  • Botnet

    newboom

  • C2

    fat7e007707.ddns.net:6666

  • Mutex

    AsyncMutex_FgOyihd6bmvc

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      getmyfirstone.ps1

    • Size

      563KB

    • MD5

      c7a48741b57cfb00da654804801840bd

    • SHA1

      ea6373dcdf09db29b5e740990f77a47507b47571

    • SHA256

      e9dbe17727323427dd4889016fe1cc882aeb087e94ff043d819e7eca567d0aac

    • SHA512

      050b0f392cdbcbe4c4922fbe45e212eb07823d83ae81501ebc77e5ffe9b4a38efb60c3231ca81a5d2169e8e212d3ad375ec0b76f564621b770141fa67b82a186

    • SSDEEP

      6144:XTDEaWyxWqyGSbdJIbhhxUQBcFr2JHe57Dyoyz/CspqV7NapPaZo0CtGBod/wN0r:XTDEarxWqyi

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks