General
Target: OZYDK452083.VBS.vbs
Size: 70KB
Sample: 220129-bt4tnsade8
MD5: 36fa454c2d843d13c235ddd860552a6b
SHA1: aa5a2173d6e2cf85a8a3316fc9fc9cf0a621563b
SHA256: 326e3995924b292caaf2c8db8ed234c959c32867c0279263ba86c3a34a1a9454
SHA512: 12c5fbf76117ab9b4d7ed6fd3ff0377e55f14f3e57901a0acb772e0f005e9284dd1b08cd4151dee6fba2770f47e8d5bb190ffbaef234f0dab546856715a2e748
Static task: static1
Behavioral task: behavioral1
Sample: OZYDK452083.VBS.vbs
Resource: win7-en-20211208
Malware Config
Extracted: https://v3-fastupload.s3-accelerate.amazonaws.com/1643406871-d.mp3
Targets
Target: OZYDK452083.VBS.vbs
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext