General
Target: ASG.vbs
Size: 9KB
Sample: 210507-fgtxk74zax
MD5: 0a2a8aa3944b6f377ac18361e351ab26
SHA1: 7d647c28efd45c8f0c38d30235308187e5f96d29
SHA256: 9901fffc81769726c5217dfc2db580c1b67ad476f59451f9af8254c66966dafa
SHA512: 1d66f8ce7d30e0f462a8751d98dbddc561908171728ba44fb56145cd03e4f18659c6e7fb151e27714f38990ac4e973773f36f246a1c680b1288cc089cadcf4e8
Static task: static1
Behavioral task: behavioral1
Sample: ASG.vbs
Resource: win7v20210408
Malware Config
Extracted: https://pastebin.com/raw/y3Yp0yTh
Targets
- Async RAT payload
- Blocklisted process makes network request
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext