JOJLKD8241.vbs

General

Target: JOJLKD8241.vbs
Size: 747B
Sample: 211021-wzbejabedn
Score: 10/10
MD5: 428942122b9451d2f4e1b8e0f1ae30c9
SHA1: 95510a49b43260e32824409ca4559f31f1b5dc5b
SHA256: adeff8d430d7b1a1e66e8dfe0d82019a850a7f9d6c597e7e304eaff7c27626e8
SHA512: d6a1b3b88f49b55a653d0fb0019290acf22e55ef15d2dfd8baed4d92fcdfceaa9a84c558d6982a95c6196c812abf4ff49f0ba7253610fb5f3b81552d1ee0639c

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs (ps1.dropper):

https://lawsonplace.com/.final.txt

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

  • Async RAT payload

  • Blocklisted process makes network request

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10