General
-
Target
KHTC288.vbs
-
Size
662B
-
Sample
210724-h6hrwq7avn
-
MD5
896c2bbb0dda248ac02ed60683858fa5
-
SHA1
42e44987ae2d842f4e6d197bde7694d18d1dc57a
-
SHA256
df8d5648e265825d946b6a3cffe442a39d04570bbe8834cfd54e2aa568fb4520
-
SHA512
090bf4471502c608a3226a02efca77c4e31b345e505c6bee21d5e12b25043a45ec71daca3a73ac81523429dab2f400d3358f40bae7e2523272d7bfa762b06c81
Static task
static1
Behavioral task
behavioral1
Sample
KHTC288.vbs
Resource
win7v20210408
Malware Config
Extracted
asyncrat
0.5.7B
fat7eorami.ddns.net:1177
AsyncMutex_6SI8OkPnk
-
aes_key
G2WOlk5vwHneijb61ynCU3xRR3D20hZw
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
omarf2r
-
host
fat7eorami.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
1177
-
version
0.5.7B
Targets
-
-
Target
KHTC288.vbs
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-