General
Target: 8e298f804dfbb940d749265a3c053571.vbs.vir
Size: 70KB
Sample: 220130-cgwszadfd2
MD5: 8e298f804dfbb940d749265a3c053571
SHA1: 3dbfb4bcbc5432a332fa3f21ffcefcf2cbf1c990
SHA256: 71f51f194201d9d3a86fa99255909017632302bd7007b50b400490a5cd4a4043
SHA512: 0f74937535774010eb334c226fd704154325a0f2aadf08f9454ba14acd6a6d1ba09d605a06d8a8274785399411431ea819c8786ee317158bbef08a57e078f681
Static task: static1
Behavioral task: behavioral1
Sample: 8e298f804dfbb940d749265a3c053571.vbs
Resource: win7-en-20211208
Malware Config
Extracted: https://v3-fastupload.s3-accelerate.amazonaws.com/1643406871-d.mp3
Targets
Async RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext