General
-
Target
BGWA373.vbs
-
Size
662B
-
Sample
210724-6dzc3r2n6x
-
MD5
0aaf99120926cd036d4e12bf6bd9529e
-
SHA1
b4c8b77fd55e4ba131d17137c5e8aeea2fae5a7a
-
SHA256
1c80b7c0a15cb2c6685b9eb72124e4b4dd5b7f80f60acc59d0d24f863610feb0
-
SHA512
64ee05a4b8e1a849c715a56469b95856232bc57182e4c1b6e8eeebfb2331c39811b7bbd1eea4161f3cc9dd2915b7c38a4ed18873824663a764207f42eb533570
Static task
static1
Behavioral task
behavioral1
Sample
BGWA373.vbs
Resource
win7v20210408
Malware Config
Extracted
asyncrat
0.5.7B
newfrost.ddns.net:6666
AsyncMutex_6SI8OkPnk
-
aes_key
i7qGeRW2Orm1I0pgfxYOISTcRoWU7fSK
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
newfrost.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6666
-
version
0.5.7B
Targets
-
-
Target
BGWA373.vbs
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext