General
-
Target
KELCYML94182.vbs
-
Size
820B
-
Sample
220226-3tkjksbeb9
-
MD5
876924f6b4fe731b83fdd100bbf26cc2
-
SHA1
411d8886c79f7acfb50663234b67f22f5bc48cdd
-
SHA256
7ce24a33f4c22348ea1da16e5d04ac7936b8488a48371673343754e586069faf
-
SHA512
f0173ca14f0066a458946484cd2be6126c70ac3ce1c221d3265e76b89dc38ae9285732539a97315664c20c199403f7bd9135b05f136f030bbdf8a090c690c543
Static task
static1
Behavioral task
behavioral1
Sample
KELCYML94182.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
KELCYML94182.vbs
Resource
win10-20220223-en
Malware Config
Extracted
https://sikabid.com/.Final2.txt
Extracted
asyncrat
0.5.7B
ZAIN-WORK-NEW
pop5.ddns.net:6666
AsyncMutex_6SI8OkPnk
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
-
Target
KELCYML94182.vbs
Score
10/10
-
Async RAT payload
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-