General
Target: WorkScope Details.vbs
Size: 31KB
Sample: 220415-pffftaghhr
MD5: 0284695a0af70e045cf579e015ebbdf4
SHA1: f0c20148cf96f0c81463e0224d80d4c67d7c1a04
SHA256: 78a742710aa79e0574a6faefecfaf851b64043889e75768f5de091cfc5a21dc0
SHA512: 6e54499711e1a0ee1ecd4679d7584027a424ba496d0bca868cc8e8d13d47097c4f0d65c0e4277c1457371b37e0c525a8ade33860cabd4e8869a438282af89e56
Static task: static1
Behavioral task: behavioral1
Sample: WorkScope Details.vbs
Resource: win7-20220414-en
Malware Config
Extracted: https://textbin.net/raw/mevlbkxshp
Extracted: asyncrat
Version: 1.0.7
Botnet: Default
C2: rick63.publicvm.com:5900
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%
Targets
Target: WorkScope Details.vbs
Size: 31KB
Meta Stealer: steals passwords stored in browsers; written in C++.
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
Async RAT payload
Blocklisted process makes network request
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
Drops startup file
Suspicious use of SetThreadContext