General
Target: WAPOLQA77372.vbs
Size: 746B
Sample: 211023-g2lwqadbaj
MD5: ce629de1aaf24d2eb4fa640a576193c2
SHA1: 6468c284159433cfdf6722b29beb5a3b7a536cca
SHA256: c473c06a6459fdf0ec51659776a5665e561166d899d4ee20048ba0938a3b5388
SHA512: e9272aa122af17ef6e6decb14465eb2000fe424381a0bbe19fb21468036d5bba85941e3b5b70ef1b9938b50615698e2b4d878efce0376bf6f7835d68f244e5f2
Static task: static1
Behavioral task: behavioral1
Sample: WAPOLQA77372.vbs
Resource: win7-en-20210920
Malware Config
Extracted
https://thespringreviews.com/.Fainl.txt
Extracted
asyncrat
0.5.7B
NEW-WORK
2pop.ddns.net:6666
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: WAPOLQA77372.vbs
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext