General
- Target: GK58.vbs
- Size: 436B
- Sample: 210504-vye8xywlca
- MD5: a3f4ec37e400752adb85a34e63560be8
- SHA1: b20367d00c0bd8ed3f9df0838c237267b7694a84
- SHA256: 32696fdc1973162602638cdec277dde152bf855ee4be61a47258fd7b09354b65
- SHA512: 93f0b8cb8d08d03510f5a4ccf7470bf3620df2da8f7e77cc4790cefbae461ee9ff5fb3b4961adf40061264e1032e09165078d433f3d4805f9a9f419f8ea8b1a1
Static task: static1
Behavioral task: behavioral1
Sample: GK58.vbs
Resource: win7v20210408
Malware Config
Targets
- Target: GK58.vbs
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext