General
- Target: Invoice.vbs
- Size: 32KB
- Sample: 220113-xkap5acbel
- MD5: 19c6520ed056e9dec48778a3e3d4203d
- SHA1: 56111103ba9c4683f5726bd1b6d08ef6b94843cb
- SHA256: 6224a7c89983e47390bad704d603217393ae159e59909987b5097cbd3590b700
- SHA512: 30d1417ff0fde0b191c026568ae33cb52eb3fe7e7a7a36f5687e80e2f8202896e2f7987ab6fdcc998a32c15aa9a5eaaa06aa9f32979b11e52a8fae376e6b942e

Static task
- static1

Malware Config
Extracted
- asyncrat
- 0.5.7B
- Office365
- null:null
- AsyncMutex_6SI8OkPnk
- anti_vm: false
- bsod: false
- delay: 3
- install: false
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/ySTxwDDK

Targets
- Target: Invoice.vbs
- Size: 32KB
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Blocklisted process makes network request
- Deletes itself
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext