General
- Target: Invoice ID-(684472).vbs
- Size: 1KB
- Sample: 210101-1fptb2g8k2
- MD5: c05a85cfc2c324d1d07fdb9d4bcddeb0
- SHA1: dedbcd22b4ff8b2b2d7ae7a8591f05da0f57a78b
- SHA256: 55003a7b54c120f1a15f12fb4223a13cf4ac1469a9823f4ee3ba0f6794caefe1
- SHA512: 205656caee003f18b86a44b14017a6bc515179de931285d2d960054adc9f12c60fd58429b867f01600da476d5bf36c872759afe9ddcc925151e4d19f9cc7c3c3
Static task: static1
Behavioral task: behavioral1
Sample: Invoice ID-(684472).vbs
Resource: win7v20201028
Malware Config
Extracted
https://ia601405.us.archive.org/18/items/1_20201225_20201225_1405/1.txt
https://ia801506.us.archive.org/32/items/4_20201225/4.txt
Extracted
asyncrat
0.5.7B
clayroot2016.linkpc.net:6666
AsyncMutex_6SI8OkPnk
- aes_key: nNbw756406FgME0njT0oTet2agAzSaJX
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: clayroot2016.linkpc.net
- hwid: 3
- install_file
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 6666
- version: 0.5.7B
Targets
- Target: Invoice ID-(684472).vbs
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext