General
Target: HWGYLCBITDLEFLATIXCZS.VBS
Size: 3KB
Sample: 220413-xsyf6afag7
MD5: e9cc67f9dc37b896f40ee439da6e4c38
SHA1: ca2e75b9a9828ed85d126ea89937272449b3b123
SHA256: 414566a9fa390bf5414ecfd83484acc8bf24824086f1f350cb7e0f8c5a37c48f
SHA512: 208a6cb226cb1097b63cda7e8e5f982ca2866d6690fce63e4ecee688edc657d8fcc5986ee9720dc4bff80a9b0b6220336b52adc3503b07944cb2ed69b21ddff4
Static task: static1
Behavioral task: behavioral1
Sample: HWGYLCBITDLEFLATIXCZS.vbs
Resource: win7-20220331-en
Malware Config
Extracted
asyncrat
2022 | Edit 3LOSH RAT
POWER
mekhocairos.linkpc.net:6666
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Async RAT payload
Blocklisted process makes network request
Drops file in System32 directory
Suspicious use of SetThreadContext