Overview

overview

10

Static

static

DX35.vbs

windows7_x64

10

DX35.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DX35.vbs

  • Size

    978B

  • Sample

    210502-vafmb8n772

  • MD5

    bcbad24347e93a0508784f3b4301b7eb

  • SHA1

    e53eebe440a13db0d356aba83a7e7163dcb5b09f

  • SHA256

    a75682a8be7a7470d0afbcb52b78fd4062fd4a719179730fe3ae6ce836a67a61

  • SHA512

    3bfd946bcd9a06d15bb69a938865763d35dde92992d4cfb9b5065e5397803bf486eb57f2bdd83d59badea7afbddc45ce0920f139fe11107688e2bb781ce4a98b

Score
10/10
asyncratrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://nyc002.hawkhost.com/~mazenne1/ITR/ls.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/NDef/11.ps1

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/NDef/Defender.bat

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/NDef/DefenderKill.lnk

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/NDef/Kill.ps1

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/ExDef/GoogleUpdate.bat

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/ITR/1.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://nyc002.hawkhost.com/~mazenne1/ExDef/Dicord.lnk

Targets

    • Target

      DX35.vbs

    • Size

      978B

    • MD5

      bcbad24347e93a0508784f3b4301b7eb

    • SHA1

      e53eebe440a13db0d356aba83a7e7163dcb5b09f

    • SHA256

      a75682a8be7a7470d0afbcb52b78fd4062fd4a719179730fe3ae6ce836a67a61

    • SHA512

      3bfd946bcd9a06d15bb69a938865763d35dde92992d4cfb9b5065e5397803bf486eb57f2bdd83d59badea7afbddc45ce0920f139fe11107688e2bb781ce4a98b

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks