Overview

overview

10

Static

static

invoice-or...xs.vbs

windows7_x64

10

invoice-or...xs.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice-order-21412-paypal.xlxs.vbs

  • Size

    162B

  • Sample

    210418-qanx1arfkj

  • MD5

    af9312989a85c937bf50226288f659ab

  • SHA1

    ecb5925f60c91a7926579f086642c3f193fa1e64

  • SHA256

    fda270ad50aed906730605ca93ecaa3e24792dd070bb443f94d2d6c23124ad61

  • SHA512

    113a7dace186edcec5862f4d5fa75cab31ff096c51fac88549e42656eaba60a09660a2115579fc7aab8142b6c6bb65b0342486a522e161f598a103b2167d3413

Score
10/10
asyncratrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cdn.discordapp.com/attachments/833265385779494912/833265488183820359/Kaspersky.txt

Extracted

Family

asyncrat

Version

0.5.7B

C2

:6606

:7707

:8808

usa-man.accesscam.org:6606

usa-man.accesscam.org:7707

usa-man.accesscam.org:8808

xaft.camdvr.org:6606

xaft.camdvr.org:7707

xaft.camdvr.org:8808

goodpc.theworkpc.com:6606

goodpc.theworkpc.com:7707

goodpc.theworkpc.com:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    9sb1l01wZwOFyWz3WpY3G9vMmrO3T3j5

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    ,usa-man.accesscam.org,xaft.camdvr.org,goodpc.theworkpc.com

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.7B

aes.plain

Targets

    • Target

      invoice-order-21412-paypal.xlxs.vbs

    • Size

      162B

    • MD5

      af9312989a85c937bf50226288f659ab

    • SHA1

      ecb5925f60c91a7926579f086642c3f193fa1e64

    • SHA256

      fda270ad50aed906730605ca93ecaa3e24792dd070bb443f94d2d6c23124ad61

    • SHA512

      113a7dace186edcec5862f4d5fa75cab31ff096c51fac88549e42656eaba60a09660a2115579fc7aab8142b6c6bb65b0342486a522e161f598a103b2167d3413

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks