Overview

overview

10

Static

static

CMAFVYXWTU.vbs

windows7_x64

8

CMAFVYXWTU.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CMAFVYXWTU.VBS

  • Size

    53KB

  • Sample

    220411-trrensahh4

  • MD5

    9d4e4d93f96d74a8e14b07aeb01e0fab

  • SHA1

    2e5774aa89bb891842666eae20f9b3e2bd321367

  • SHA256

    670281ba138913fc2b66bccfadbe322cb3a6b262c60d4a5dc5b8a74e8e1f9ae2

  • SHA512

    1952600ad860d0924c3a61ada825d3d3d3c9b2ae685cfd2d0bcbe3c2d35ae43d27e91685e7f1c3c5c8df6a29e00a9a1cc0a826effcfa9af2d471972437d4bb67

Score
10/10
asyncratnew-opamarat

Malware Config

Extracted

Family

asyncrat

Version

2022 | Edit 3LOSH RAT

Botnet

New-OPAMA

C2

pop11.linkpc.net:6606

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      CMAFVYXWTU.VBS

    • Size

      53KB

    • MD5

      9d4e4d93f96d74a8e14b07aeb01e0fab

    • SHA1

      2e5774aa89bb891842666eae20f9b3e2bd321367

    • SHA256

      670281ba138913fc2b66bccfadbe322cb3a6b262c60d4a5dc5b8a74e8e1f9ae2

    • SHA512

      1952600ad860d0924c3a61ada825d3d3d3c9b2ae685cfd2d0bcbe3c2d35ae43d27e91685e7f1c3c5c8df6a29e00a9a1cc0a826effcfa9af2d471972437d4bb67

    Score
    10/10
    asyncratnew-opamarat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks