General
-
Target
15.vbs
-
Size
1KB
-
Sample
210721-bpt23bg7aj
-
MD5
3e46e05d321065ab67c8b5d588ffe418
-
SHA1
16bbaae13819f996be9f81794df7c9f33ade9b7d
-
SHA256
15cf9daf5bad1a5a78783f675eb63850e216a690e0f3302738ce3bd825ba6fc1
-
SHA512
c40d1599d412c9f0fdf8ec5e32916bd1ad3b25f189a61822a602bb675f664fcb683f52efc43e48ded468f79ccea77bca860b63375554ebae99cfffba211e1d59
Static task
static1
Behavioral task
behavioral1
Sample
15.vbs
Resource
win7v20210410
Malware Config
Extracted
https://ia601405.us.archive.org/30/items/all-2542/ALL_2542.txt
Extracted
asyncrat
0.5.7B
185.19.85.168:8888
AsyncMutex_6SI8OkPnk
-
aes_key
iaCQxXrg9VcwzLPunOt4DDhIibhcZSWL
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
185.19.85.168
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
8888
-
version
0.5.7B
Targets
-
Target
15.vbs
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-