General
Target: Re_Quote_289DG6O_15062021.pdf.vbs
Size: 593KB
Sample: 210722-hdtctyhx5e
MD5: d059824ebe0001e795069e19b700b2b8
SHA1: ccc74eb9ef9c4642ea909ab571752c5f22618784
SHA256: 4241bdef66837dd05567b983827171f742e391251cdba93b2c3fae2fb77a6a3d
SHA512: 07394ead2116c1c7b11ff48b81496c20bc7f4e0f72c404a316325a2694c751de72f76260f7282562d1ccfdff24786441e641b77048758fd09e2a05105d26bda9
Static task: static1
Behavioral task: behavioral1
Sample: Re_Quote_289DG6O_15062021.pdf.vbs
Resource: win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
8970.ddns.net:8973
8970.ddns.net:8971
8970.ddns.net:8970
AsyncMutex_6SI8OkPnk
aes_key: QMatjvtVkF3KwliMTk4UiKdIFFuO27pl
anti_detection: false
autorun: false
bdos: false
delay: Default
host: 8970.ddns.net
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 8973,8971,8970
version: 0.5.7B
Targets
Target: Re_Quote_289DG6O_15062021.pdf.vbs
- Async RAT payload
- Drops startup file
- Suspicious use of SetThreadContext