General
- Target: CMAFVYXWTU.VBS
- Size: 53KB
- Sample: 220411-trrensahh4
- MD5: 9d4e4d93f96d74a8e14b07aeb01e0fab
- SHA1: 2e5774aa89bb891842666eae20f9b3e2bd321367
- SHA256: 670281ba138913fc2b66bccfadbe322cb3a6b262c60d4a5dc5b8a74e8e1f9ae2
- SHA512: 1952600ad860d0924c3a61ada825d3d3d3c9b2ae685cfd2d0bcbe3c2d35ae43d27e91685e7f1c3c5c8df6a29e00a9a1cc0a826effcfa9af2d471972437d4bb67
- Static task: static1
- Behavioral task: behavioral1
- Sample: CMAFVYXWTU.vbs
- Resource: win7-20220331-en
Malware Config
Extracted
asyncrat
2022 | Edit 3LOSH RAT
New-OPAMA
pop11.linkpc.net:6606
AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: CMAFVYXWTU.VBS
- Async RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext