General
-
Target
Statement-ID13453448758.vbs
-
Size
711B
-
Sample
210419-8svter54ys
-
MD5
72033b275b6bd19ca9ea6e7bbedcc90c
-
SHA1
1ecaa505cd7e2c4aaac036f5b75b93d2b709ca80
-
SHA256
09d633e302f276634d7f6752fc971bef3f35d5b140f2d3a3c39dea3b9ab56c2b
-
SHA512
459f3f087258976451dabef106dc6dc381b0507c88771237d84f1c2ce5e9f4663cdab4a6857b2c4d45b2ac7f3b0251a323b913a190b2d43d60f7abf0d784b899
Static task
static1
Behavioral task
behavioral1
Sample
Statement-ID13453448758.vbs
Resource
win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
newddnss.ddns.net:6666
AsyncMutex_6SI8OkPnk
-
aes_key
C4Pf6rLfqnzyqJfOd2KxibcX03qAEOb3
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
newddnss.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6666
-
version
0.5.7B
Targets
-
-
Target
Statement-ID13453448758.vbs
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-