General
-
Target
46b.vbs
-
Size
287KB
-
Sample
210721-qbpb9pt8p2
-
MD5
099eaf4aa42ebd53fafb156b2f7e1932
-
SHA1
3be7a2b898e1773643620276ebce3c2d33d0371c
-
SHA256
46b1d3c565a615b2df02a567f507a2dc7f75d088fc2b52b1f1e1ce7a92594175
-
SHA512
c653e7d4da7974636d244b4083bbd106d64f7dc9e54e0d05bff015b482bbd2f54dd83acd2bf830d864b2f7b11f39ea88590813085da223e24746fafbd408def0
Static task
static1
Behavioral task
behavioral1
Sample
46b.vbs
Resource
win7v20210408
Malware Config
Extracted
asyncrat
0.5.7B
shugardaddy.ddns.net:5946
AsyncMutex_6SI8OkPnk
-
aes_key
wV1ipYmVNbj8zuNLhiiXQN4PaZKje8qO
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
shugardaddy.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
5946
-
version
0.5.7B
Targets
-
Target
46b.vbs
-
Async RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-