Overview

overview

10

Static

static

WAPOLQA77372.vbs

windows7_x64

10

WAPOLQA77372.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WAPOLQA77372.vbs

  • Size

    746B

  • Sample

    211023-g2lwqadbaj

  • MD5

    ce629de1aaf24d2eb4fa640a576193c2

  • SHA1

    6468c284159433cfdf6722b29beb5a3b7a536cca

  • SHA256

    c473c06a6459fdf0ec51659776a5665e561166d899d4ee20048ba0938a3b5388

  • SHA512

    e9272aa122af17ef6e6decb14465eb2000fe424381a0bbe19fb21468036d5bba85941e3b5b70ef1b9938b50615698e2b4d878efce0376bf6f7835d68f244e5f2

Score
10/10
asyncratnew-workrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://thespringreviews.com/.Fainl.txt

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

NEW-WORK

C2

2pop.ddns.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      WAPOLQA77372.vbs

    • Size

      746B

    • MD5

      ce629de1aaf24d2eb4fa640a576193c2

    • SHA1

      6468c284159433cfdf6722b29beb5a3b7a536cca

    • SHA256

      c473c06a6459fdf0ec51659776a5665e561166d899d4ee20048ba0938a3b5388

    • SHA512

      e9272aa122af17ef6e6decb14465eb2000fe424381a0bbe19fb21468036d5bba85941e3b5b70ef1b9938b50615698e2b4d878efce0376bf6f7835d68f244e5f2

    Score
    10/10
    asyncratnew-workrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks