General
Target: AFKCVLKLDDLZAVUPDONGW.VBS
Size: 2KB
Sample: 220412-xaelbsehhq
MD5: 24ad735b3a8d200c611b18b836acaf53
SHA1: 96bb5edf6154e46eb01a56a31b512790d293e367
SHA256: bbcb131bea858c4fb62a325f5bc4788e3ca18e790c6dd698ee6c6e870ea45636
SHA512: 27b271bad8bed68d9a3b6ea986b7450f22a4c09831f4cb9a5588eada8246fa19695e82848a92087ba5564f6f3787d097dc91330df103deca64886f82bbbc7a65
Static task: static1
Behavioral task: behavioral1
Sample: AFKCVLKLDDLZAVUPDONGW.vbs
Resource: win7-20220311-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: paypal (the AsyncRAT group/campaign ID)
C2: anderione.com:5252
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
delay: 3
install: false
install_folder: %AppData%
Reading the attributes: delay is the number of seconds the client sleeps before it starts, install controls whether the client copies itself into install_folder and sets up persistence, and install_folder is only used when install is true. With install set to false this build does not copy itself to %AppData% or add persistence on its own, so that path is not a reliable place to look for the binary on an infected host; pivot on the C2 host and port and on the mutex instead.
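A hunt for the indicators in the extracted config over endpoint and network telemetry, as an added example that is not part of the sandbox report. Only the indicators (C2 host and port, mutex, file hashes) come from the report; the four log line formats, the regexes and the sample lines are constructed for illustration and need adapting to real telemetry.

```python
"""Hunt for the indicators in the extracted AsyncRAT config over log lines.

Added example, not part of the sandbox report. The four line formats below
are assumed for illustration and the sample lines are constructed; only the
indicators themselves (C2 host and port, mutex, hashes) come from the report.
"""
import re

# Indicators from the report.
C2_HOST = "anderione.com"
C2_PORT = 5252
MUTEX = "AsyncMutex_6SI8OkPnk"
SAMPLE_HASHES = {
    "24ad735b3a8d200c611b18b836acaf53",                                  # MD5
    "96bb5edf6154e46eb01a56a31b512790d293e367",                          # SHA1
    "bbcb131bea858c4fb62a325f5bc4788e3ca18e790c6dd698ee6c6e870ea45636",  # SHA256
}

# Assumed line formats (one per telemetry source, constructed for this example):
#   proxy : "<ts> <src_ip> CONNECT <host>:<port> <verdict>"
#   dns   : "<ts> <src_ip> QUERY <name> <type>"
#   sysmon: "<ts> <hostname> MUTEX <name> pid=<n> image=<path>"
#   edr   : "<ts> <hostname> FILE <path> (md5|sha1|sha256)=<hex>"
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<who>\S+) CONNECT (?P<host>[^:\s]+):(?P<port>\d+)\b")
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<who>\S+) QUERY (?P<host>\S+)")
MUTEX_RE = re.compile(r"^(?P<ts>\S+) (?P<who>\S+) MUTEX (?P<name>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+)")
FILE_RE = re.compile(r"^(?P<ts>\S+) (?P<who>\S+) FILE (?P<path>\S+) (?:md5|sha1|sha256)=(?P<hash>[0-9A-Fa-f]+)")


def _is_c2_host(name: str) -> bool:
    """Exact match or subdomain of the configured C2 host; ignores case and a trailing dot."""
    n = name.rstrip(".").lower()
    return n == C2_HOST or n.endswith("." + C2_HOST)


def match_line(line: str):
    """Return (indicator, who, line) if the line matches a report IOC, else None."""
    m = PROXY_RE.match(line)
    if m:
        # A CONNECT to the configured port is the strong hit; the host alone is weaker.
        if _is_c2_host(m["host"]) and int(m["port"]) == C2_PORT:
            return ("c2_connect", m["who"], line)
        if _is_c2_host(m["host"]):
            return ("c2_host_other_port", m["who"], line)
        return None
    m = DNS_RE.match(line)
    if m:
        return ("c2_dns", m["who"], line) if _is_c2_host(m["host"]) else None
    m = MUTEX_RE.match(line)
    if m:
        # Sysmon/EDR may log the mutex with a session or Global\ prefix; compare the bare name.
        bare = m["name"].split("\\")[-1]
        return ("mutex", m["who"], line) if bare == MUTEX else None
    m = FILE_RE.match(line)
    if m and m["hash"].lower() in SAMPLE_HASHES:
        return ("file_hash", m["who"], line)
    return None


def hunt(lines):
    """Run every line through match_line and keep the hits, in input order."""
    return [hit for hit in (match_line(line) for line in lines) if hit]


# Constructed sample telemetry for a dry run (not from the report).
SAMPLE_LOGS = [
    "2022-04-12T10:01:03Z 10.0.0.15 QUERY anderione.com A",
    "2022-04-12T10:01:04Z 10.0.0.15 CONNECT anderione.com:5252 ALLOW",
    "2022-04-12T10:01:04Z 10.0.0.22 CONNECT updates.example.com:443 ALLOW",
    "2022-04-12T10:01:05Z WS015 MUTEX Sessions\\1\\BaseNamedObjects\\AsyncMutex_6SI8OkPnk pid=4120 image=C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe",
    "2022-04-12T10:01:06Z WS015 FILE C:\\Users\\u\\Downloads\\AFKCVLKLDDLZAVUPDONGW.vbs sha256=bbcb131bea858c4fb62a325f5bc4788e3ca18e790c6dd698ee6c6e870ea45636",
    "2022-04-12T10:02:00Z WS022 MUTEX Global\\SomeVendorMutex pid=900 image=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for indicator, who, line in hunt(SAMPLE_LOGS):
        print(f"{indicator:<20} {who:<12} {line}")
```

The CONNECT on port 5252 and the mutex are the high-confidence hits; a DNS lookup of the C2 name or a connection to it on another port is kept as a separate, weaker indicator so it can be triaged rather than silently merged with the strong ones.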
Targets
Target: AFKCVLKLDDLZAVUPDONGW.VBS
Size: 2KB
MD5, SHA1, SHA256, SHA512: as listed under General.
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  Both Suricata alerts match fields of the certificate the C2 server presents during the TLS handshake, so they fire at the network boundary without decrypting the session.
- Async RAT payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext. Setting another thread's context is the hallmark of process hollowing (RunPE-style injection), where a suspended process's thread is redirected into an injected image.
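Detection logic for the "Process spawned unexpected child process" signature, as an added example that is not part of the sandbox report. The report names the behaviour but not the process pair; since the sample is a .vbs, the example assumes the parent of interest is the Windows Script Host (wscript.exe/cscript.exe, plus mshta.exe). The allowlist, the LOLBin list and the Sysmon-style event records are constructed for illustration and should be tuned to a real baseline.

```python
"""Flag process-creation events where a script host spawns an unexpected child.

Added example, not part of the sandbox report. The parent set, allowlists and
sample events below are assumptions for illustration, not report data.
"""
from pathlib import PureWindowsPath
from typing import Optional

# Parents to watch, and the children each one is normally allowed to spawn.
# Assumption: an empty allowlist means "this parent should spawn nothing".
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
ALLOWED_CHILDREN = {
    "wscript.exe": set(),
    "cscript.exe": {"conhost.exe"},
    "mshta.exe": set(),
}
# Living-off-the-land binaries that are high-signal children of any script host.
LOLBINS = {"powershell.exe", "cmd.exe", "regsvr32.exe", "rundll32.exe",
           "msbuild.exe", "regasm.exe", "installutil.exe", "certutil.exe"}
# Heuristic: path fragments that usually mean a user-writable location.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def _basename(image: str) -> str:
    """Lower-cased file name of a Windows image path (works on any host OS)."""
    return PureWindowsPath(image).name.lower()


def assess(event: dict) -> Optional[dict]:
    """Return a finding for a Sysmon Event ID 1-style record, or None if benign."""
    parent = _basename(event["ParentImage"])
    child = _basename(event["Image"])
    if parent not in SCRIPT_HOSTS:
        return None
    if child in ALLOWED_CHILDREN.get(parent, set()):
        return None
    reasons = [f"{parent} spawned {child}"]
    if child in LOLBINS:
        reasons.append("child is a LOLBin")
    if any(tok in event["Image"].lower() for tok in USER_WRITABLE):
        reasons.append("child image is in a user-writable path")
    # One reason is the bare signature; any corroborating reason raises severity.
    severity = "high" if len(reasons) > 1 else "medium"
    return {"pid": event["ProcessId"], "severity": severity, "reasons": reasons}


def scan(events):
    """Assess every event and keep the findings, in input order."""
    return [f for f in (assess(e) for e in events) if f]


# Constructed Sysmon Event ID 1-style records (not from the report).
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\WScript.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 4188, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\WScript.exe"},
    {"ProcessId": 4201, "Image": r"C:\Users\u\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"ProcessId": 4300, "Image": r"C:\Windows\System32\conhost.exe",
     "ParentImage": r"C:\Windows\System32\cscript.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["pid"], finding["severity"], "; ".join(finding["reasons"]))
```

The user double-clicking a .vbs gives explorer.exe spawning wscript.exe, which is normal and is ignored; what the rule keys on is what wscript.exe does next. Comparing image basenames case-insensitively matters because Sysmon records the path as the caller supplied it (WScript.exe versus wscript.exe in the sample above).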