General
-
Target
63vN2.txt
-
Size
533B
-
Sample
240705-w4bk4avgra
-
MD5
dc087d53594631d1aaa5a22d4b98029f
-
SHA1
3c3889c1aa260c8a6cbc203880d9a436304172bf
-
SHA256
c46404289e1d370b7f1c7d90301db7f2e9a3827e02b00d44a4a1dd557f5a2f1b
-
SHA512
fbb311d639876b55edb0a7d5e0bc967f15b7f3f87211ba28f66079a7ec6adb1f04de19682661efaeb74f7a67691482c974dd505ecb8f2a4944222c81b7a0341f
Static task
static1
Behavioral task
behavioral1
Sample
63vN2.vbs
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
63vN2.vbs
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
63vN2.vbs
Resource
win10v2004-20240704-en
Malware Config
Extracted
http://212.70.149.205:2020/c.jpg
Extracted
asyncrat
Xchallenger | 3Losh
Default
s1mpl3.simple-url.com:6606
s1mpl3.simple-url.com:7707
s1mpl3.simple-url.com:8808
AsyncMutex_aloshx
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-