General
-
Target
huh.iso
-
Size
898KB
-
Sample
240530-xh78lshd77
-
MD5
f38afe5a302849aefbdafb01db3b1941
-
SHA1
a7c9a1b47dc97804726fd23d082eda2f3f8ffeb9
-
SHA256
d0002a8438d0820af32a1a32e83af831367c1234b5c3c5fbd9c511ace5f37c97
-
SHA512
42391fea1d07b6339c8076ec79395324535f17937b779477e986020eac199c6638f8072727c2a38397aa7b49e3158e9b9caf8655baffb1386bbf79a1fb8fb757
-
SSDEEP
1536:HxxxxxxxxxxxFxxxxxxxxxxx0xxxxxxxxxxxHD53g7xxxxxxxxxxxSxxxxxxxxx+:Q
Malware Config
Extracted
http://162.244.210.92:333/kok.jpg
Extracted
https://www.autohotkey.com/download/1.1/AutoHotkey112304_ansi.zip
Extracted
https://nodejs.org/download/release/latest-v0.12.x/node.exe
Extracted
asyncrat
AWS | 3Losh
Karem
kareemovic11.duckdns.org:6606
kareemovic11.duckdns.org:7707
kareemovic11.duckdns.org:8808
AsyncMutex_kinsdlmsjnsidhuybf
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Invoice#0327629531.wsf
-
Size
107KB
-
MD5
266cc8fd5a88ebdb132fd89ceba28ad4
-
SHA1
0a16abdb0a57fa6c7da646e46c2cb8fd8172d31f
-
SHA256
15ac8251a8b9234d8877a8b5773180d1908c8f24387f4694ccd2fd7391381ea6
-
SHA512
9debde79a8d543b9dbd9200733fd4989c7da38b283fdfbd1b6529001610f96d876cfd3c1c98d50fe925e476b52c039d8734627cb755f96f55124bbcee849424d
-
SSDEEP
1536:JxxxxxxxxxxxFxxxxxxxxxxx0xxxxxxxxxxxHD53g7xxxxxxxxxxxSxxxxxxxxxv:ab
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-