General
Target: JOJLKD8241.vbs
Size: 747B
Sample: 211021-wzbejabedn
MD5: 428942122b9451d2f4e1b8e0f1ae30c9
SHA1: 95510a49b43260e32824409ca4559f31f1b5dc5b
SHA256: adeff8d430d7b1a1e66e8dfe0d82019a850a7f9d6c597e7e304eaff7c27626e8
SHA512: d6a1b3b88f49b55a653d0fb0019290acf22e55ef15d2dfd8baed4d92fcdfceaa9a84c558d6982a95c6196c812abf4ff49f0ba7253610fb5f3b81552d1ee0639c
Static task: static1
Behavioral task: behavioral1
Sample: JOJLKD8241.vbs
Resource: win7-en-20210920
Malware Config
Extracted: https://lawsonplace.com/.final.txt
Targets
Target: JOJLKD8241.vbs
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext