General
Target: 0ea.vbs
Size: 841KB
Sample: 210721-grvyc1nnsa
MD5: 51631a66b0721818b5f4db2d88cc0563
SHA1: 9e1228052f6988c1146d2bac0295ef760cb6ae07
SHA256: 0ea2e136c0604fe2336a37c9d7b5a6150abd58e48311fa625ea375468189931e
SHA512: f74a5a00ffdd04c3b4454a08e0108d6104616399bab80a91f5228052d8d274eceb64b519c96f8eac64d23852fc723f401e65a0d39fc579b516d2e4a3d10035a6
Static task: static1
Behavioral task: behavioral1
Sample: 0ea.vbs
Resource: win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
shugardaddy.ddns.net:5946
AsyncMutex_6SI8OkPnk
aes_key: wV1ipYmVNbj8zuNLhiiXQN4PaZKje8qO
anti_detection: false
autorun: false
bdos: false
delay: Default
host: shugardaddy.ddns.net
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 5946
version: 0.5.7B
Targets
Target: 0ea.vbs
- Async RAT payload
- Drops startup file
- Suspicious use of SetThreadContext