General
Target: RFQ_115A087_202104_20_Urgent_pdf.vbs
Size: 5KB
Sample: 210420-5wstpy5rcs
MD5: b36e32526b42e2fb17c93fb9f839bca2
SHA1: eb243b06b6e10ddc227018cc1b4d98209e93beed
SHA256: 3afff94321f5f55b992d98b50e8af2046d473094a1e1e0611ccddb9bde659fa7
SHA512: 00aaa35901b7dd8fe8aefb22e4ba40d61550984cfe66d1b893651f65b8b0c4cc76f9f36d713e6ce52241d055fc2b01dce880c9fe0b9e4602599fb9113ac5837c
Static task: static1
Behavioral task: behavioral1
Sample: RFQ_115A087_202104_20_Urgent_pdf.vbs
Resource: win7v20210410
Malware Config
Extracted: https://pastebin.com/raw/1grXhFpU
Targets
Async RAT payload
Blocklisted process makes network request
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext