General
-
Target
esmo2.ps1
-
Size
6KB
-
Sample
241207-vbyz9axjb1
-
MD5
ded5f63456e1d0dcb17aa8688d57e4c7
-
SHA1
4c7c84a426936401f9e4556abe454ac688fb7f05
-
SHA256
9ee369ad690ea79c029365597fee8463e738dbeb15cb2bff10ac12b35cd6287d
-
SHA512
0569e96ae73260b3a7ec6e7a5cac5bd2f429ac37a6be164556dfb1d813c8a9d10c06bcfd79110813e4f7377ca867daf542969c9d17c43eb71c9bec87c7bc037c
-
SSDEEP
96:Bbz+T3G8B8gSsAfKt4zw1O4GWA9E7A/xRnhiE7MVyt8MYKJLVG01Waw:BbGW8B8XJg4UMLWmEk59hiPy6EL1hw
Malware Config
Extracted
asyncrat
| CRACKED BY https://t.me/xworm_v2
Dozzy[1]
Setup_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/AJqrj5ZH
Targets
-
-
Target
esmo2.ps1
-
Size
6KB
-
MD5
ded5f63456e1d0dcb17aa8688d57e4c7
-
SHA1
4c7c84a426936401f9e4556abe454ac688fb7f05
-
SHA256
9ee369ad690ea79c029365597fee8463e738dbeb15cb2bff10ac12b35cd6287d
-
SHA512
0569e96ae73260b3a7ec6e7a5cac5bd2f429ac37a6be164556dfb1d813c8a9d10c06bcfd79110813e4f7377ca867daf542969c9d17c43eb71c9bec87c7bc037c
-
SSDEEP
96:Bbz+T3G8B8gSsAfKt4zw1O4GWA9E7A/xRnhiE7MVyt8MYKJLVG01Waw:BbGW8B8XJg4UMLWmEk59hiPy6EL1hw
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-