General

  • Target

    Statement-ID13453448758.vbs

  • Size

    711B

  • Sample

    210419-8svter54ys

  • MD5

    72033b275b6bd19ca9ea6e7bbedcc90c

  • SHA1

    1ecaa505cd7e2c4aaac036f5b75b93d2b709ca80

  • SHA256

    09d633e302f276634d7f6752fc971bef3f35d5b140f2d3a3c39dea3b9ab56c2b

  • SHA512

    459f3f087258976451dabef106dc6dc381b0507c88771237d84f1c2ce5e9f4663cdab4a6857b2c4d45b2ac7f3b0251a323b913a190b2d43d60f7abf0d784b899

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

newddnss.ddns.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    C4Pf6rLfqnzyqJfOd2KxibcX03qAEOb3

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    newddnss.ddns.net

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6666

  • version

    0.5.7B

aes.plain

Targets

    • Target

      Statement-ID13453448758.vbs

    • Size

      711B

    • MD5

      72033b275b6bd19ca9ea6e7bbedcc90c

    • SHA1

      1ecaa505cd7e2c4aaac036f5b75b93d2b709ca80

    • SHA256

      09d633e302f276634d7f6752fc971bef3f35d5b140f2d3a3c39dea3b9ab56c2b

    • SHA512

      459f3f087258976451dabef106dc6dc381b0507c88771237d84f1c2ce5e9f4663cdab4a6857b2c4d45b2ac7f3b0251a323b913a190b2d43d60f7abf0d784b899

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks