General
-
Target
invoice954423.vbs
-
Size
236B
-
Sample
210427-haqmmp98zn
-
MD5
755e0f945656b708f911ff7438ee3dda
-
SHA1
147e7d2fad41deea7b15801a815dd80c340ae9b2
-
SHA256
4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c
-
SHA512
3d6c7eab9ac8ecd9fc4b8ce2f22026444500c4fc6327c674e5298a0eb3ea23ac7e9b173c67cb4fa67ce223e2dfbd0f7b338e60d5d00320ebaf6ba969d2b5d00f
Static task
static1
Behavioral task
behavioral1
Sample
invoice954423.vbs
Resource
win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
bad96.ddns.net:1996
AsyncMutex_6SI8OkPnk
-
aes_key
wV8wYBZRpKZKwS4P6oMapiOlrel4uoXW
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
bad96.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
1996
-
version
0.5.7B
Targets
-
Target
invoice954423.vbs
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-