General
Target: LZCEY349215.VBS
Size: 70KB
Sample: 220129-e6d1kachgm
MD5: d5726ba5b7f7264d20dc4fbab0c3d61b
SHA1: 3ca15e074176a44f4e03240add018b4b9f301b53
SHA256: 2d133a568566a3664e72f4cab1dede8b2b706d414adbc40222f25f8b056b45ab
SHA512: 3f1a5a67976c2ae653751fa32d79426475335a152142a354a82178cd6cd4d83ba46a4d2cee59c403dd6e1fea75bc43e0189dad4df00549fe3d78d39d6d14a79e
Static task: static1
Behavioral task: behavioral1
Sample: LZCEY349215.vbs
Resource: win7-en-20211208
Malware Config
Extracted: https://v3-fastupload.s3-accelerate.amazonaws.com/1643406871-d.mp3
Targets
Target: LZCEY349215.VBS
Size: 70KB
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext