General
Target: charters details.pdf.vbs
Size: 749B
Sample: 220119-wdqx4acadk
MD5: e16c8a204a76ec2ca481bdfcc90d4fc2
SHA1: f1ec56e72c644a587af18cad25459f9b6426be75
SHA256: ebd7809cacae62bc94dfb8077868f53d53beb0614766213d48f4385ed09c73a6
SHA512: 9ee20bdcaafe0a5a2d3c5c24bd56aa27c2b0861efe2f7b729763bb978e6552baf92eb544f2491a90ae9cdc31760bd0d0e8d834aed4b2b76863467a52daf6100b

The submitted file is a 749-byte VBScript whose name carries a double extension (.pdf.vbs) so that it passes for a PDF in Explorer views that hide known extensions; the behavioural signatures below show it dropping and executing a further executable.
Static task: static1
Behavioral task: behavioral1
  Sample: charters details.pdf.vbs
  Resource: win7-es-20211208
Behavioral task: behavioral2
  Sample: charters details.pdf.vbs
  Resource: win10v2004-es-20220112

Both behavioral runs used Spanish-locale images (the -es- infix in the resource name), which is relevant because the sample reads the configured country code from the registry (see the signatures below).
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: tq744.publicvm.com:1846
Mutex: DcRatMutex_qwqdanchun
Attributes:
  anti_vm: false
  bsod: false
  delay: 1
  install: false
  install_folder: %AppData%
  pastebin_config: null

Notes on the extracted config: the mutex string is the default of DcRat, a fork of AsyncRAT by qwqdanchun; DcRat keeps AsyncRAT's settings layout, which is why the extractor labels the family asyncrat. The C2 is a hostname rather than a fixed IP, so block or alert on the name as well as whatever it currently resolves to. install is false, so the client does not copy itself to install_folder and the %AppData% value is unused in this build; delay is the sleep in seconds before the client first connects; pastebin_config is null, meaning the C2 is hard-coded rather than fetched from a Pastebin page.
Targets
Target: charters details.pdf.vbs
Size: 749B
MD5: e16c8a204a76ec2ca481bdfcc90d4fc2
SHA1: f1ec56e72c644a587af18cad25459f9b6426be75
SHA256: ebd7809cacae62bc94dfb8077868f53d53beb0614766213d48f4385ed09c73a6
SHA512: 9ee20bdcaafe0a5a2d3c5c24bd56aa27c2b0861efe2f7b729763bb978e6552baf92eb544f2491a90ae9cdc31760bd0d0e8d834aed4b2b76863467a52daf6100b
Score: 10/10
Signatures
- Registers COM server for autorun
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
- Async RAT payload
- Blocklisted process makes network request
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  Setting another thread's context is a common step in process hollowing and thread hijacking, where injected code is run inside a legitimate process.
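The indicators above (file hashes, the C2 host and port, the mutex) and two of the behavioural signatures (the country-code lookup and the Image File Execution Options write) can be turned directly into host-telemetry matching logic. The following is an added example and not part of the sandbox report; the event records are constructed to resemble Sysmon-style telemetry, and their field names, the dropped-file path and the IFEO subkey are assumptions made for illustration.

```python
"""IOC matcher built from the indicators in the report above. Added example,
not part of the sandbox report. Event field names are an assumption."""
import re

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "e16c8a204a76ec2ca481bdfcc90d4fc2",
    "sha1": "f1ec56e72c644a587af18cad25459f9b6426be75",
    "sha256": "ebd7809cacae62bc94dfb8077868f53d53beb0614766213d48f4385ed09c73a6",
}
C2_HOST = "tq744.publicvm.com"
C2_PORT = 1846
MUTEX = "DcRatMutex_qwqdanchun"

# Registry locations behind two behavioural signatures: the configured
# country (GeoID) is stored under Control Panel\International\Geo, and
# per-image debugger overrides under Image File Execution Options.
GEO_KEY = r"control panel\international\geo"
IFEO_KEY = r"currentversion\image file execution options"

# A script extension hiding behind a document extension, as in the
# sample name "charters details.pdf.vbs".
DOUBLE_EXT = re.compile(
    r"\.(?:pdf|docx?|xlsx?|pptx?|jpe?g|png|txt)\.(?:vbs|vbe|js|jse|wsf|hta)\b",
    re.IGNORECASE,
)


def match_event(ev):
    """Return the list of indicator names that a single event matches."""
    hits = []
    kind = ev.get("event")
    if kind == "ProcessCreate" and DOUBLE_EXT.search(ev.get("cmdline", "")):
        hits.append("double_extension_script")
    if kind == "DnsQuery" and ev.get("query", "").lower().rstrip(".") == C2_HOST:
        hits.append("asyncrat_c2_host")
    if kind == "NetworkConnect" and ev.get("dest_port") == C2_PORT:
        # The port alone is weak evidence; pair it with the DNS hit in practice.
        hits.append("asyncrat_c2_port")
    if kind == "FileCreateHash":
        for algo, digest in SAMPLE_HASHES.items():
            if ev.get(algo, "").lower() == digest:
                hits.append("sample_hash_" + algo)
    if kind == "RegistryRead" and GEO_KEY in ev.get("key", "").lower():
        hits.append("geo_nation_lookup")
    if kind == "RegistrySet" and IFEO_KEY in ev.get("key", "").lower():
        hits.append("ifeo_modification")
    if kind == "MutexCreate" and ev.get("name") == MUTEX:
        hits.append("asyncrat_mutex")
    return hits


def match_events(events):
    """Return (event_index, indicator) pairs over a sequence of events."""
    return [(i, name) for i, ev in enumerate(events) for name in match_event(ev)]


# Constructed telemetry: the first seven records mimic what the report's
# signatures describe (paths and the IFEO subkey are made up); the last
# record is benign noise that must not match.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\charters details.pdf.vbs"'},
    {"event": "DnsQuery", "query": "tq744.publicvm.com"},
    {"event": "NetworkConnect", "dest_ip": "203.0.113.10", "dest_port": 1846},
    {"event": "FileCreateHash", "path": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "sha256": "EBD7809CACAE62BC94DFB8077868F53D53BEB0614766213D48F4385ED09C73A6"},
    {"event": "RegistryRead", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "RegistrySet",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe\Debugger"},
    {"event": "MutexCreate", "name": "DcRatMutex_qwqdanchun"},
    {"event": "DnsQuery", "query": "www.example.com"},
]

if __name__ == "__main__":
    for idx, name in match_events(SAMPLE_EVENTS):
        print(f"{name:26s} event[{idx}] {SAMPLE_EVENTS[idx]['event']}")
```

Hash comparisons are case-folded because telemetry sources differ in how they render digests, and the DNS match strips a trailing dot so fully qualified queries still hit. The geofence and IFEO rules match on key substrings rather than exact paths because the hive prefix (HKCU vs. a \REGISTRY\USER\<SID> path) varies between log sources.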