General
- Target: c55.vbs
- Size: 1.5MB
- Sample: 210721-1z5chkwz4s
- MD5: 7e4aeace3df4ccccc4216f7df85f5341
- SHA1: ced225d52855a15d7f45dcd9890eccc6dd2b18a8
- SHA256: c55dffdcb320a06872faa4cc7777bafd81051a17533e919fbee3fc27e8f47135
- SHA512: 76d66472a7c60f82a022692ee2947ebb3b9dbd0e46a2db5aae7a1d296ad01d60465f9fd6733697a9aa4421eaa7655e33c025283f85f2f8156d83af2b2702aaa2
Static task: static1
Behavioral task: behavioral1
Sample: c55.vbs
Resource: win7v20210408
Malware Config
Extracted
asyncrat
0.5.7B
shugardaddy.ddns.net:5946
AsyncMutex_6SI8OkPnk
- aes_key: wV1ipYmVNbj8zuNLhiiXQN4PaZKje8qO
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: shugardaddy.ddns.net
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 5946
- version: 0.5.7B
Targets
- Target: c55.vbs
- Async RAT payload
- Drops startup file
- Suspicious use of SetThreadContext