General
-
Target
Invoice ID-(4387206).vbs
-
Size
1KB
-
Sample
210108-9dft1tqxzj
-
MD5
83f5dfe54337970c464b58db9d990bbc
-
SHA1
c3da46773165a805307eea544a5c1498bfd96e26
-
SHA256
0089fe3a660c1a3fba7039e03482aed3b0a7d82b72e4c38e4b5da8612fe7247c
-
SHA512
cd2123990037cbf5eebbe818ff0d117dde71b4ed9882aef92b6471bbc71d9ef7ed664dff7798463810debcfcb3a94bbadd25c97013a57ba12da4b2e2f4c5fceb
Static task
static1
Behavioral task
behavioral1
Sample
Invoice ID-(4387206).vbs
Resource
win7v20201028
Malware Config
Extracted
https://ia801507.us.archive.org/34/items/3_20210106/3.txt
Extracted
asyncrat
0.5.7B
clayroot2016.linkpc.net:6666
AsyncMutex_6SI8OkPnk
-
aes_key
Kf16onJhATpNbuJfsFjEdXd4221e8Y7w
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
clayroot2016.linkpc.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6666
-
version
0.5.7B
Targets
-
Target
Invoice ID-(4387206).vbs
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-