General
-
Target
8c5ed8446ba0aaca2368cf30362be21cfcb68c7bc05d552e96ed2e53f2075178.cmd
-
Size
4KB
-
Sample
250222-e7tseaxpfv
-
MD5
9c015680e80d65369945208508a403d5
-
SHA1
7700b6bea5b3721c2bd8c144bbc936d9dad4ae85
-
SHA256
8c5ed8446ba0aaca2368cf30362be21cfcb68c7bc05d552e96ed2e53f2075178
-
SHA512
d321e7d44342636ade9864c9d74633b2c62b050ff25da2cce580118e7b0e7958222b10ce6286e7bd01a0d54835ab3a04c47231c32a48bd7c0953283ecfbe64f1
-
SSDEEP
96:csgfPxToZjN+/wfQLCaMTWJM/mSsYedAACsrgSidAXXkuXhd:k3aAw4L5JMKndAEsbdkkuXhd
Malware Config
Extracted
asyncrat
Xchallenger | 3Losh
new_cryptme
Wpzvlds.gleeze.com:6606
AsyncMutex_uiaomzkk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
8c5ed8446ba0aaca2368cf30362be21cfcb68c7bc05d552e96ed2e53f2075178.cmd
-
Size
4KB
-
MD5
9c015680e80d65369945208508a403d5
-
SHA1
7700b6bea5b3721c2bd8c144bbc936d9dad4ae85
-
SHA256
8c5ed8446ba0aaca2368cf30362be21cfcb68c7bc05d552e96ed2e53f2075178
-
SHA512
d321e7d44342636ade9864c9d74633b2c62b050ff25da2cce580118e7b0e7958222b10ce6286e7bd01a0d54835ab3a04c47231c32a48bd7c0953283ecfbe64f1
-
SSDEEP
96:csgfPxToZjN+/wfQLCaMTWJM/mSsYedAACsrgSidAXXkuXhd:k3aAw4L5JMKndAEsbdkkuXhd
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-