General
-
Target
LKGFCV.vbs.vbs
-
Size
730B
-
Sample
210727-zgjha4yhj6
-
MD5
8a7246cc77596aa840c15b3ac9907c4e
-
SHA1
c34f30b5aa3777cf3b3d35cfd8af330f8af97981
-
SHA256
c7be7d6e94c31e0f376d1cb9be3e0f311d57ae1a318437dc7c28b2574a73be31
-
SHA512
790e62a08b098dcdda4dfc1cc218712f069426b639420aca7ae6dfbd239f765fe379b92847d12da8a8f68699068d1779e7415d1c76fa64a989ae9dfa8b7dbe94
Static task
static1
Behavioral task
behavioral1
Sample
LKGFCV.vbs.vbs
Resource
win7v20210408
Malware Config
Extracted
asyncrat
0.5.7B
newfrost.ddns.net:6666
AsyncMutex_6SI8OkPnk
-
aes_key
iQqiAD9kmzPLel2oEjZjj8tYKfnH5XkL
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
new
-
host
newfrost.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6666
-
version
0.5.7B
Targets
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-