General

  • Target

    1b350ab8fe858722dcb4cb3481945a853fa5382b8530b8c32c38b343c1bd3749.ps1

  • Size

    453KB

  • Sample

    250128-pepm4a1mhj

  • MD5

    db819652baeb0d28e8623796a292ab1b

  • SHA1

    699f26ff45e7dd6e6bcfb5375d701030e01da6f9

  • SHA256

    1b350ab8fe858722dcb4cb3481945a853fa5382b8530b8c32c38b343c1bd3749

  • SHA512

    0aa229ec053bacdf4f866a72d9738ef0b521e4eee5dec9ebf8ec57a6da1f9f03cbfd4c41c754c03d804c3c38c6240a3766da29d4957f55e0a336451eda1c4d7f

  • SSDEEP

    1536:zv3dW/z20+u4dXNR8WrlDn8DT2ybMVwO8zNdEunygsmj+oN8NGHbEh4WMx+m6y3e:zIE+NPVFL2bUCUrNlKomLJVlCsspng

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

00000001

C2

81.10.39.58:7077

Mutex

AsyncMutex_alosh

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      1b350ab8fe858722dcb4cb3481945a853fa5382b8530b8c32c38b343c1bd3749.ps1

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext
