Overview

overview

10

Static

static

1

iz.ps1

windows7-x64

1

iz.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    iz.ps1

  • Size

    4.0MB

  • Sample

    240409-117atadg82

  • MD5

    968bfb3b6f1f84b02918da9bc2c9ae34

  • SHA1

    1a8e6d42791150b7340fa5194fbe525f031aa087

  • SHA256

    fcd200ea6c0d5ee2e6e011fb07a89d5bcf76c5b91f7bb45c936f492c70fe8dae

  • SHA512

    adfa1b6ef34849bae1c79281c831126ecc8d04941effb9a11843177b1a91476f090c25c409ba3ae73b75864f5a4e457e4cd64d42041ed8abe93a5dfdc0aa319b

  • SSDEEP

    24576:sIqpMMFDRlWa/OdXSWSvlgF381gWz5E4XLlm0hk/+tLUuODrPjtInrDHw1+h+YGY:+CgKYQS

Score
10/10
asyncratstealeriumdefaultratstealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.92.252.234:3232

Mutex

R开诶DZUN5贼A5MΙ1开7ΘxZΙ

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      iz.ps1

    • Size

      4.0MB

    • MD5

      968bfb3b6f1f84b02918da9bc2c9ae34

    • SHA1

      1a8e6d42791150b7340fa5194fbe525f031aa087

    • SHA256

      fcd200ea6c0d5ee2e6e011fb07a89d5bcf76c5b91f7bb45c936f492c70fe8dae

    • SHA512

      adfa1b6ef34849bae1c79281c831126ecc8d04941effb9a11843177b1a91476f090c25c409ba3ae73b75864f5a4e457e4cd64d42041ed8abe93a5dfdc0aa319b

    • SSDEEP

      24576:sIqpMMFDRlWa/OdXSWSvlgF381gWz5E4XLlm0hk/+tLUuODrPjtInrDHw1+h+YGY:+CgKYQS

    Score
    10/10
    asyncratstealeriumdefaultratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

      stealerstealerium

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

      rat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks