General
Target: ATGSVCN64670.pdf.vbs
Size: 741B
Sample: 211025-gzxv7sfff4
MD5: e06db4f9c991c9e5e4df226f567b8a99
SHA1: 389820f7a7449f175ee6a5bb2d80004f42613638
SHA256: b1a19a89c4c0b8efa1ebf594bd266b914e3f5621d12edff2fbf4d48bb0e32447
SHA512: bddc4feed5b04b276b9fb0dc85825a1455efb6c297e182680e918523f4bf96a73d990a3dcd61a1a6d6a65bbd5a2e5f974b1d77d27c301ed46e58a54849328a19
Static task: static1
Behavioral task: behavioral1
Sample: ATGSVCN64670.pdf.vbs
Resource: win7-en-20211014
Malware Config
Extracted
https://lacycoligan.com/.Final.txt
Targets
Target: ATGSVCN64670.pdf.vbs
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext