General
-
Target
LUID618.vbs
-
Size
662B
-
Sample
210725-7j8chxcg92
-
MD5
a39f9093ecdceb92cf629cd5764dd1d2
-
SHA1
1942c681159cbbce82dc7388b0de29b984f43bd8
-
SHA256
83d832887ed1b0af95ca14e647463251f0c9660971fddb03d3959647d6faee4d
-
SHA512
c18fd694af943cdc74a0679fe43214afb9c652a5e53dca386e631d765449e64bff524809ef2a7923843272dc9040a080028e4f1709eb37b95723b14443521c1a
Static task
static1
Behavioral task
behavioral1
Sample
LUID618.vbs
Resource
win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
newfrost.ddns.net:6666
AsyncMutex_6SI8OkPnk
-
aes_key
i7qGeRW2Orm1I0pgfxYOISTcRoWU7fSK
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
newfrost.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6666
-
version
0.5.7B
Targets
-
-
Target
LUID618.vbs
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-