General
-
Target
N00FX02Invoicecopy.vbs
-
Size
5KB
-
Sample
210911-baqspsagb6
-
MD5
9e0bd0f4ce191d98589957b4427cf41c
-
SHA1
00f0cd6cbd74f0be67c4a5ccae6c5bccba40ca28
-
SHA256
d8254110ac2d8ee1e35d89881116ae44e2542adab4b91cfbba532baa180442d9
-
SHA512
20863c334593b5e2b476b6e548ced2c9755609be58e433028d2b4bbdb3236266d8cca9afe131ed163b753a5ea79ff581e75a3e205fc20275c513d4f8119221dd
Static task
static1
Behavioral task
behavioral1
Sample
N00FX02Invoicecopy.vbs
Resource
win7-en
Malware Config
Extracted
http://52.188.147.221/Spreading/HS.txt
Extracted
asyncrat
0.5.7B
Default
jilldoggyy.duckdns.org:7840
jilldoggyy.duckdns.org:7829
jilldoggyy.duckdns.org:7841
103.147.185.192:7840
103.147.185.192:7829
103.147.185.192:7841
AsyncMutex_6SI8OkPnk
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Extracted
njrat
v4.0
HacKed
20.194.35.6:8023
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
N00FX02Invoicecopy.vbs
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-