General

  • Target

    HWGYLCBITDLEFLATIXCZS.VBS

  • Size

    3KB

  • Sample

    220413-xsyf6afag7

  • MD5

    e9cc67f9dc37b896f40ee439da6e4c38

  • SHA1

    ca2e75b9a9828ed85d126ea89937272449b3b123

  • SHA256

    414566a9fa390bf5414ecfd83484acc8bf24824086f1f350cb7e0f8c5a37c48f

  • SHA512

    208a6cb226cb1097b63cda7e8e5f982ca2866d6690fce63e4ecee688edc657d8fcc5986ee9720dc4bff80a9b0b6220336b52adc3503b07944cb2ed69b21ddff4

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

2022 | Edit 3LOSH RAT

Botnet

POWER

C2

mekhocairos.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Async RAT payload

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
