General
-
Target
V00GH01_Invoice_Copy.vbs
-
Size
3KB
-
Sample
210913-zdkmvshddr
-
MD5
f0eb4b843b026d5d100f69d47c2f576e
-
SHA1
f29356a70659a502ef8eea82fef2cc05e92d80fd
-
SHA256
c083348abc25e7c20eed06e9ceddd94af7b4787ea22dbca312d4b9e8504cf882
-
SHA512
57165f90091e183b248dc0cb8f7a8ca8dffa68818b4bbc045e7128ed13326c71e94de1111daefcd6875438afe3b2b765d51195ea1e3a0f8e986c74956f00c801
Malware Config
Extracted
http://52.188.147.221/All%20in%20One/fj.txt
Extracted
asyncrat
0.5.7B
Default
jilldoggyy.duckdns.org:7840
jilldoggyy.duckdns.org:7829
jilldoggyy.duckdns.org:7841
103.147.185.192:7840
103.147.185.192:7829
103.147.185.192:7841
AsyncMutex_6SI8OkPnk
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Extracted
njrat
v4.0
HacKed
20.194.35.6:8023
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
V00GH01_Invoice_Copy.vbs
-
Size
3KB
-
MD5
f0eb4b843b026d5d100f69d47c2f576e
-
SHA1
f29356a70659a502ef8eea82fef2cc05e92d80fd
-
SHA256
c083348abc25e7c20eed06e9ceddd94af7b4787ea22dbca312d4b9e8504cf882
-
SHA512
57165f90091e183b248dc0cb8f7a8ca8dffa68818b4bbc045e7128ed13326c71e94de1111daefcd6875438afe3b2b765d51195ea1e3a0f8e986c74956f00c801
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-