Overview

overview

10

Static

static

36fa454c2d...6b.vbs

windows7_x64

10

36fa454c2d...6b.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36fa454c2d843d13c235ddd860552a6b.vbs.vir

  • Size

    70KB

  • Sample

    220130-chal5adfd7

  • MD5

    36fa454c2d843d13c235ddd860552a6b

  • SHA1

    aa5a2173d6e2cf85a8a3316fc9fc9cf0a621563b

  • SHA256

    326e3995924b292caaf2c8db8ed234c959c32867c0279263ba86c3a34a1a9454

  • SHA512

    12c5fbf76117ab9b4d7ed6fd3ff0377e55f14f3e57901a0acb772e0f005e9284dd1b08cd4151dee6fba2770f47e8d5bb190ffbaef234f0dab546856715a2e748

Score
10/10
asyncratrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://v3-fastupload.s3-accelerate.amazonaws.com/1643406871-d.mp3

Targets

    • Target

      36fa454c2d843d13c235ddd860552a6b.vbs.vir

    • Size

      70KB

    • MD5

      36fa454c2d843d13c235ddd860552a6b

    • SHA1

      aa5a2173d6e2cf85a8a3316fc9fc9cf0a621563b

    • SHA256

      326e3995924b292caaf2c8db8ed234c959c32867c0279263ba86c3a34a1a9454

    • SHA512

      12c5fbf76117ab9b4d7ed6fd3ff0377e55f14f3e57901a0acb772e0f005e9284dd1b08cd4151dee6fba2770f47e8d5bb190ffbaef234f0dab546856715a2e748

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks