General
- Target: dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854.ps1
- Size: 463KB
- Sample: 250128-n86yss1lel
- MD5: c4f61fb22b14c5c83ccb6ca08743eb70
- SHA1: 1636e997a6c0b98414569137de0f918c881b90c6
- SHA256: dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854
- SHA512: 9219908f9239852cee93dc3ed50aafb2251ec85c8c453ad950a3361628362379638eebc06b85cb27c9b8a5d27dbda6e53f4b2ff625b44880fb83ca4dd6dc3fd4
- SSDEEP: 6144:jMcB4ABE+NPVFL2bUCUrNlKomLJVlCssptqzx:jLE+NPVFL2bUCUrNlKomLJVlCzsx

Static task: static1
Behavioral task: behavioral1
- Sample: dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854.ps1
- Resource: win7-20240903-en

Malware Config
Extracted: asyncrat
- AWS | 3Losh
- 00000001
- 81.10.39.58:7077
- AsyncMutex_alosh
- delay: 3
- install: false
- install_folder: %AppData%

Targets
- Target: dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854.ps1
- Size: 463KB
- MD5: c4f61fb22b14c5c83ccb6ca08743eb70
- SHA1: 1636e997a6c0b98414569137de0f918c881b90c6
- SHA256: dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854
- SHA512: 9219908f9239852cee93dc3ed50aafb2251ec85c8c453ad950a3361628362379638eebc06b85cb27c9b8a5d27dbda6e53f4b2ff625b44880fb83ca4dd6dc3fd4
- SSDEEP: 6144:jMcB4ABE+NPVFL2bUCUrNlKomLJVlCssptqzx:jLE+NPVFL2bUCUrNlKomLJVlCzsx

- Asyncrat family
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext