General
Target: Report Details.vbs
Size: 11KB
Sample: 220329-q496rsede2
MD5: 319b813ad02fdd9cb8bbdec00c3774cc
SHA1: e00f63367d4ee49d84ac05059f67e74351eb73e2
SHA256: 2f36f1a117071a9097c1ec0fff17772a029594500d6706f470899168d3b595f8
SHA512: 7583ba7a8f5fc126f7d73fc9c69210f4c85329af2e63d95d062fc59158f905e859a2714784b72fd235dae45f4d78fb3b17c22b6ce758377dea50b777965ab328
Static task: static1
Behavioral task: behavioral1
Sample: Report Details.vbs
Resource: win7-20220310-en
Malware Config
Extracted
https://paste.ee/r/CTMue/0
Extracted
asyncrat
1.0.7
Default
rick63.publicvm.com:5900
DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%
Targets
Async RAT payload
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Suspicious use of SetThreadContext