General

Target: tmp7105.tmpAsync738209.vbs
Size: 3KB
Sample: 220121-xr5tvabagl
MD5: 47211db78ef9af078b188daac7c13a11
SHA1: a8907d95360cde45a09df14976fbd1316ac149fd
SHA256: 780675dd7cac0463f8b8e9e47dd6195d241a6ce74ed41610a968df2012f0b2dc
SHA512: b81dcf53101c98bc875a7f7f9f1ffa72bb3addb64c16e427fb2dec1d05feca9075fdb53e8cc26869ba243bf92a26bbbeafdaa3d95dfb8e7aa6ef72b95dff1d04

Static task: static1
Behavioral task: behavioral1
Sample: tmp7105.tmpAsync738209.vbs
Resource: win7-en-20211208
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2:
- asyncmoney.duckdns.org:7829
- asyncmoney.duckdns.org:7840
- asyncmoney.duckdns.org:7841
- asyncmoney.duckdns.org:7842
- asyncmoney.duckdns.org:7849
- asyncpcc.duckdns.org:7829
- asyncpcc.duckdns.org:7840
- asyncpcc.duckdns.org:7841
- asyncpcc.duckdns.org:7842
- asyncpcc.duckdns.org:7849
- monedfghsja.duckdns.org:7829
- monedfghsja.duckdns.org:7840
- monedfghsja.duckdns.org:7841
- monedfghsja.duckdns.org:7842
- monedfghsja.duckdns.org:7849
Mutex: AsyncMutex_6SI8OkPnk

Attributes
anti_vm: false
bsod: false
delay: 3
install: false
install_file: Adobe.exe
install_folder: %AppData%
pastebin_config: null
Targets

Target: tmp7105.tmpAsync738209.vbs
Size: 3KB
MD5: 47211db78ef9af078b188daac7c13a11
SHA1: a8907d95360cde45a09df14976fbd1316ac149fd
SHA256: 780675dd7cac0463f8b8e9e47dd6195d241a6ce74ed41610a968df2012f0b2dc
SHA512: b81dcf53101c98bc875a7f7f9f1ffa72bb3addb64c16e427fb2dec1d05feca9075fdb53e8cc26869ba243bf92a26bbbeafdaa3d95dfb8e7aa6ef72b95dff1d04

- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext