General
Target: NY54.vbs
Size: 976B
Sample: 210506-akdjk36x1e
MD5: 8386ad530818e9eb7d3f382539903273
SHA1: 5713f51096c411288c065155cbd9b4f197fe7908
SHA256: 767111470dee2831acd1ca1cbfd8e4acb400a71a12422a27922ddf300315f5c7
SHA512: dc387f94f678b9c81e00f13421a82cf4c64af612984efb3fd81e08c2f91c7b4079c51d4b81088f2c233344dc8b8d6665b289ae2918a27a3c4f4a901157adec8c
Static task
static1
Malware Config
Targets
Target: NY54.vbs
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext