General
-
Target
big.ps1
-
Size
11.2MB
-
Sample
240418-m933vsbc47
-
MD5
cbf8ae11065184964e7ee9533836c668
-
SHA1
34047bde03d2615d876d21106538e27132c81ae6
-
SHA256
791722d558475d9ed6219a5b22c6cb2df2a18928a5cc5b7b341f59fc024093c9
-
SHA512
a5e9b59a00327f0da6006f43edff006caf26271f7d25a1bcc094bc9d94db9da63fc6fbe26183a1745acf6e2fe86b1f600725c7f3677a06bcc7d12e216e764b40
-
SSDEEP
49152:/H+uozbw6H4JCHhy2rc70OvlOXFSP7gVf:2
Static task
static1
Behavioral task
behavioral1
Sample
big.ps1
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
big.ps1
Resource
win10v2004-20240412-en
Malware Config
Extracted
asyncrat
Default
91.92.252.234:3232
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
Target
big.ps1
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Async RAT payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-