General
- Target: cool-obf.bat
- Size: 20KB
- Sample: 241026-byfmmsvqgy
- MD5: 99525fe4bc3b8826a79437472b315528
- SHA1: 6f4c3291b57e996bac223dda1b7b1bcfea8d4528
- SHA256: e0912478bf932332e047a18ba0431920547bbd7310b2b87eab25b78e03889ef3
- SHA512: 6dca8ca280024c06b37c42d0f92b5d3b8cb7479fd527e9c5fc81efac8cd22c6adc6ac5dd2e5fdb8aeebff2634ea010ce9497c20dbf58addd382597855ac81887
- SSDEEP: 384:UmN+vVczZIkT0EFDuWLhGzAzjpyHGGwWW9l:PQvVc1jT0EFDuWLhGsfpyHzw79l
Static task
- static1
Behavioral task
- behavioral1: sample cool-obf.bat, resource win10v2004-20241007-en
Behavioral task
- behavioral2: sample cool-obf.bat, resource win10ltsc2021-20241023-en
Malware Config
Extracted
- https://raw.githubusercontent.com/venkovisual/Loli-Mod/refs/heads/main/AsyncClient.exe
Extracted
- Family: asyncrat (AsyncRAT)
- Default
- C2: yyyson22.gleeze.com:4608
- dw
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: cool-obf.bat (20KB; hashes as listed under General)
- Asyncrat family
- Async RAT payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell (runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes)
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2