General
Target: DX35.vbs
Size: 978B
Sample: 210502-dwgfn3xrda
MD5: bcbad24347e93a0508784f3b4301b7eb
SHA1: e53eebe440a13db0d356aba83a7e7163dcb5b09f
SHA256: a75682a8be7a7470d0afbcb52b78fd4062fd4a719179730fe3ae6ce836a67a61
SHA512: 3bfd946bcd9a06d15bb69a938865763d35dde92992d4cfb9b5065e5397803bf486eb57f2bdd83d59badea7afbddc45ce0920f139fe11107688e2bb781ce4a98b
Static task: static1
Behavioral task: behavioral1
Sample: DX35.vbs
Resource: win7v20210410
Malware Config
Extracted URLs:
- https://nyc002.hawkhost.com/~mazenne1/ITR/ls.txt
- https://nyc002.hawkhost.com/~mazenne1/NDef/11.ps1
- https://nyc002.hawkhost.com/~mazenne1/NDef/Defender.bat
- https://nyc002.hawkhost.com/~mazenne1/NDef/DefenderKill.lnk
- https://nyc002.hawkhost.com/~mazenne1/NDef/Kill.ps1
- https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat
- https://nyc002.hawkhost.com/~mazenne1/ITR/1.txt
- https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk
Targets
Target: DX35.vbs (978B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext