General

  • Target

    699160a16bdf0536e0fa69adcbab1e19.bin

  • Size

    65KB

  • Sample

    241018-bt1f9ayanh

  • MD5

    4bc69f098b0c11ffa459f1c1f05a4053

  • SHA1

    417926c6d56404c1d5efcc0d9b02780315a77b6d

  • SHA256

    81230dc5683cbbb387a3476001b915633332b624eeb2faec3170f7adefc2f586

  • SHA512

    d30c2a4993b3b239ed0efb7632b6322a5f570430ec8055573b81ba377e319ef7ea56d33929a00486c30540c78cf95ee31570224fef644bd09a471d08efcdd65b

  • SSDEEP

    1536:51nS3SSSLEJH0VVm1HS7+FcIBfPZ+57rfIcQ5:vvEEmAIcKXyfAz5

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

New-Encrypt

Mutex

AsyncMutex_alosh

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/M1nmWeTA

aes.plain
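The configuration above is most useful once turned into something a responder can match against host and network telemetry. The following is an added example (not part of the sandbox report or of AsyncRAT itself): it copies the extracted values into a Python dict, derives indicators from them, and runs those indicators over a handful of constructed event records. It relies on two documented AsyncRAT behaviours: the client creates a named mutex with the configured name, and when a Pastebin URL is configured it downloads its C2 host:port list from that URL. The event records, PIDs and image paths are invented for illustration.

```python
# Added example: derive IOCs from the AsyncRAT config extracted above and run
# them over constructed telemetry. Not part of the sandbox report; the event
# records below are invented for illustration.
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import urlparse

# Values copied from the "Extracted" config on this page.
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "version": "AWS | 3Losh",
    "botnet": "New-Encrypt",
    "mutex": "AsyncMutex_alosh",
    "delay": 3,                 # seconds the client sleeps before starting
    "install": False,           # no copy to install_folder, no persistence
    "install_folder": "%AppData%",
    "pastebin_config": "https://pastebin.com/raw/M1nmWeTA",
}


def iocs_from_config(cfg: dict) -> dict:
    """Turn the config into concrete indicators.

    AsyncRAT's Pastebin setting is the URL the client downloads its C2
    host:port list from, so the raw URL and its hostname are network IOCs
    even though the real C2 endpoint is not in the config itself.
    """
    url = cfg.get("pastebin_config")
    host = urlparse(url).hostname if url else None
    return {
        "mutex": cfg["mutex"],
        "url": url,
        "host": host,
        # Only a persistence indicator when the sample actually installs.
        "install_folder": cfg["install_folder"] if cfg.get("install") else None,
    }


@dataclass(frozen=True)
class Event:
    kind: str    # "mutex" | "network" | "process"
    pid: int
    image: str
    value: str   # mutex object name, destination hostname, or command line


def _mutex_leaf(name: str) -> str:
    # EDR/Sysmon telemetry often carries the full object path, e.g.
    # \Sessions\1\BaseNamedObjects\AsyncMutex_alosh; compare the leaf only.
    return name.rsplit("\\", 1)[-1]


def scan(events: Iterable[Event], iocs: dict) -> list:
    """Return one hit dict per event that matches an IOC."""
    hits = []
    for ev in events:
        if ev.kind == "mutex" and _mutex_leaf(ev.value) == iocs["mutex"]:
            hits.append({"pid": ev.pid, "image": ev.image, "ioc": "mutex", "value": ev.value})
        elif ev.kind == "network" and iocs["host"] and ev.value.lower() == iocs["host"]:
            hits.append({"pid": ev.pid, "image": ev.image, "ioc": "host", "value": ev.value})
        elif ev.kind == "process" and iocs["url"] and iocs["url"] in ev.value:
            hits.append({"pid": ev.pid, "image": ev.image, "ioc": "url", "value": ev.value})
    return hits


def correlate(hits: list) -> set:
    """PIDs that both created the mutex and reached the Pastebin host:
    a much stronger signal than either event on its own."""
    by_pid = {}
    for h in hits:
        by_pid.setdefault(h["pid"], set()).add(h["ioc"])
    return {pid for pid, kinds in by_pid.items() if {"mutex", "host"} <= kinds}


# Constructed telemetry (not from the report): one benign process and one
# that behaves like the configured client.
SAMPLE_EVENTS = [
    Event("network", 1337, r"C:\Windows\explorer.exe", "www.msftconnecttest.com"),
    Event("mutex", 1337, r"C:\Windows\explorer.exe",
          r"\Sessions\1\BaseNamedObjects\ShellInstance"),
    Event("mutex", 4242, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          r"\Sessions\1\BaseNamedObjects\AsyncMutex_alosh"),
    Event("network", 4242, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "pastebin.com"),
]


def triage(events=SAMPLE_EVENTS, cfg=ASYNCRAT_CONFIG):
    """Run the whole pipeline and return (iocs, hits, correlated pids)."""
    iocs = iocs_from_config(cfg)
    hits = scan(events, iocs)
    return iocs, hits, correlate(hits)


if __name__ == "__main__":
    iocs, hits, suspicious = triage()
    for h in hits:
        print(f"pid={h['pid']} {h['ioc']}={h['value']} ({h['image']})")
    print("pids matching mutex AND pastebin host:", sorted(suspicious))
```

Two practical points are baked in: the mutex comparison strips the `\Sessions\N\BaseNamedObjects\` prefix that most endpoint telemetry prepends, and `install_folder` is deliberately dropped as an indicator because this configuration has `install` set to false, so no copy in `%AppData%` should be expected. A pastebin.com connection on its own is weak evidence; the correlation step only flags a process that also created the configured mutex.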

Targets

    • Target

      4e7889d60aa6df54e7b646e8ba30befa9bba6ddfca3ac1a5894429e0caa86295.ps1

    • Size

      436KB

    • MD5

      699160a16bdf0536e0fa69adcbab1e19

    • SHA1

      ae8a6be22f05e119e7031edc79fb4a21f1268500

    • SHA256

      4e7889d60aa6df54e7b646e8ba30befa9bba6ddfca3ac1a5894429e0caa86295

    • SHA512

      bf2b94320790d54a3c30a57a34877f5d5d55e918943f1180fef50901b86b61e1bd48dd8c7af0a1a82de7f0b0e2af7b65dc6471fc616846c4260811c2ddc5c145

    • SSDEEP

      1536:TUdAHeDN4NDabDzuCO4dfk2EJdMFXa/3qYrYUF1rGs4UPDc+dl3Cz6nKd35rmDeJ:T/XrXFWHlFHhfu88S

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks