General
Target: invoice-order-21412-paypal.xlxs.vbs
Size: 162B
Sample: 210418-qanx1arfkj
MD5: af9312989a85c937bf50226288f659ab
SHA1: ecb5925f60c91a7926579f086642c3f193fa1e64
SHA256: fda270ad50aed906730605ca93ecaa3e24792dd070bb443f94d2d6c23124ad61
SHA512: 113a7dace186edcec5862f4d5fa75cab31ff096c51fac88549e42656eaba60a09660a2115579fc7aab8142b6c6bb65b0342486a522e161f598a103b2167d3413
Static task: static1
Behavioral task: behavioral1
Sample: invoice-order-21412-paypal.xlxs.vbs
Resource: win7v20210410
Malware Config
Extracted: https://cdn.discordapp.com/attachments/833265385779494912/833265488183820359/Kaspersky.txt
Extracted: asyncrat 0.5.7B
C2 endpoints (host:port):
- :6606
- :7707
- :8808
- usa-man.accesscam.org:6606
- usa-man.accesscam.org:7707
- usa-man.accesscam.org:8808
- xaft.camdvr.org:6606
- xaft.camdvr.org:7707
- xaft.camdvr.org:8808
- goodpc.theworkpc.com:6606
- goodpc.theworkpc.com:7707
- goodpc.theworkpc.com:8808
Mutex: AsyncMutex_6SI8OkPnk
Configuration fields:
- aes_key: 9sb1l01wZwOFyWz3WpY3G9vMmrO3T3j5
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: ,usa-man.accesscam.org,xaft.camdvr.org,goodpc.theworkpc.com
- hwid: 3
- install_file: (empty)
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 6606,7707,8808
- version: 0.5.7B
Targets
Target: invoice-order-21412-paypal.xlxs.vbs
Size: 162B
MD5: af9312989a85c937bf50226288f659ab
SHA1: ecb5925f60c91a7926579f086642c3f193fa1e64
SHA256: fda270ad50aed906730605ca93ecaa3e24792dd070bb443f94d2d6c23124ad61
SHA512: 113a7dace186edcec5862f4d5fa75cab31ff096c51fac88549e42656eaba60a09660a2115579fc7aab8142b6c6bb65b0342486a522e161f598a103b2167d3413
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext