Overview

overview

10

Static

static

FNBCWBQ93746.vbs

windows7_x64

10

FNBCWBQ93746.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FNBCWBQ93746.vbs

  • Size

    746B

  • Sample

    211023-ghe9tscbc3

  • MD5

    6a2a1aaf8efc070333ed585ca4430005

  • SHA1

    846ea1a7c2f4b9939c7e93fce804a37299b3087c

  • SHA256

    5721f7ccd18493a91d2480764cb5c0f0daead0c45d43839751c9cc5fd0eca4fd

  • SHA512

    f5735dedced9e1689b3a8b820a28f1b0a3aad22a364a3257913a0148efd0cf5e0d1f753b9c0999fef2046dfe660c3363e125d437b770b019a358cd66ca1dac7f

Score
10/10
asyncratrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://thespringreviews.com/.Fainl.txt

Targets

    • Target

      FNBCWBQ93746.vbs

    • Size

      746B

    • MD5

      6a2a1aaf8efc070333ed585ca4430005

    • SHA1

      846ea1a7c2f4b9939c7e93fce804a37299b3087c

    • SHA256

      5721f7ccd18493a91d2480764cb5c0f0daead0c45d43839751c9cc5fd0eca4fd

    • SHA512

      f5735dedced9e1689b3a8b820a28f1b0a3aad22a364a3257913a0148efd0cf5e0d1f753b9c0999fef2046dfe660c3363e125d437b770b019a358cd66ca1dac7f

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks