General
-
Target
sample.ps1
-
Size
454KB
-
Sample
240313-bjzf7sgc5w
-
MD5
cecbccc6070ba51f95d1fac8efe9d502
-
SHA1
e98f4fe39fdeb1c789c40f59bec00e2113f04e79
-
SHA256
8b3d0a3f0184112cc79752665d658eb8011a1b33fdfbef8d95e597715a828510
-
SHA512
dfe5f7d95c6f664ccf7cf33e2c2937fdd8b3b6477ad7cecf3fb84e96151b506d79a7794481aea737f5dabac3d4c8691952b340c332a99f8fced441a71d295bd1
-
SSDEEP
3072:tjDhiyXBs84VhDEakbyxWq0wswTVqipUEyoL/a:0TDEaWyxWqowYkUEyYi
Static task
static1
Behavioral task
behavioral1
Sample
sample.ps1
Resource
win7-20240220-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
VBS_2024
drax2023.run.place:6606
drax2023.run.place:7707
drax2023.run.place:8808
AsyncMutex_vbs202420251
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
sample.ps1
-
Detect ZGRat V1
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-