General
Target: ff1b064b71fa0f332b1efd96784d4c4412da9848c0fcb7f6f9e78a914a70daae
Size: 531KB
Sample: 240417-rqgsqsbf99
MD5: 4d12e30e2a09a62999e6863c94d66e8d
SHA1: 4b625deeb887c6d8c2116668e6e6ded7066d0bb6
SHA256: ff1b064b71fa0f332b1efd96784d4c4412da9848c0fcb7f6f9e78a914a70daae
SHA512: 55f6d20e00015575a7078a87a45eada3b572a9a167567d0f632aef0b6802cb1b55aea9fcf8c1a431957272f2e70ab3d72869d2b5acba9f6a99864d49bbeae46d
SSDEEP: 12288:em18e1TdoWWKIooyLm4WfZlUqYnB0ab73DXzkLFQxib:eTeL6HyLfWfZKnDML4Q
Static task: static1
Behavioral task: behavioral1
Sample: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
Resource: win7-20240221-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
2024
rat.loseyourip.com:6606
rat.loseyourip.com:7707
rat.loseyourip.com:8808
Async_2024
delay: 3
install: true
install_file: csrss.exe
install_folder: %Temp%
Targets
Target: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
Size: 679KB
MD5: 170ed51ddb22cd75bf0fa4fa2a1bb6c4
SHA1: 2e74fd6be27a77a883208db0d09524f15dfa7d00
SHA256: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d
SHA512: ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865
SSDEEP: 12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext