General
Target: Invoice ID-(679789789).vbs
Size: 790KB
Sample: 210117-hh5pjvm7n2
MD5: f02bd913e532f0ce5cc24adc82f8d0b3
SHA1: 49fb5baaa600a5208ba80e18bf89142c3f20b4ab
SHA256: ee6aa50f61c71ad0a85d0c60e8cec35c45b949da9e173d79cdcb9c7586ac4e12
SHA512: 64537b7b8b0fb21f41727c99bf6c8da7edc1f4a161a3d11da726c7e2f5b1cb653827ae6c2eba3dbe4ce2a618f839972c36e0cfc915f012b42b5d6d3d75ad3ea6
Static task: static1
Behavioral task: behavioral1
Sample: Invoice ID-(679789789).vbs
Resource: win7v20201028
Malware Config
Extracted
asyncrat
0.5.7B
ahmed21018.linkpc.net:6666
AsyncMutex_6SI8OkPnk
aes_key: HfV4Y9fCgIsC3FKVpoDmniTLvXYcA64a
anti_detection: false
autorun: true
bdos: false
delay: Default
host: ahmed21018.linkpc.net
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 6666
version: 0.5.7B
Targets
Target: Invoice ID-(679789789).vbs
Async RAT payload
Executes dropped EXE
Loads dropped DLL