General
- Target: invoice-ID9411548.vbs
- Size: 1KB
- Sample: 210101-6qab5xseyn
- MD5: f9e8a25600c4bc01018c470bf41324ea
- SHA1: 19831c42ba73345e2b19499109754dbb0d39aae7
- SHA256: 6caf398dd07a03dc116fa8562b0daf0973d16309299cb9664d2efbc82bdb3069
- SHA512: 89d36cbb444ea80de1de638a322993b8328bcdc45b08a6f0d43d26daaab8272400fdafe8547bca47b195625f1ba6c3f311a05314d6ff0965334164b2c107cf10
Static task
static1
Behavioral task
behavioral1
Sample
invoice-ID9411548.vbs
Resource
win7v20201028
Malware Config
Extracted
https://ia601505.us.archive.org/27/items/1_20201229/1.txt
https://ia601402.us.archive.org/14/items/4_20201229/4.txt
Extracted
asyncrat
0.5.7B
saico015.linkpc.net:6666
AsyncMutex_6SI8OkPnk
- aes_key: hjeVCW0FjlKGY6kjdvCdmALQfmqFINh0
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: saico015.linkpc.net
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 6666
- version: 0.5.7B
Targets
- Target: invoice-ID9411548.vbs
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext