General
- Target: order-82148214124.VBS
- Size: 377B
- Sample: 220719-tvng7agbdn
- MD5: 0f2b047310e67d7cd019fcecab748e60
- SHA1: a645f62df84cfb673cabedcde468886fc8f4e04a
- SHA256: e99d298b9699a377758ff12e42670465444329a49b47d51a533365a8f12b91f1
- SHA512: f54c7ae16c19ec7785972daef9e5607ba0c140677315a07bc21666e2da5b1562ff1d93ca62275ca44a5745d2e763cf819950ee965d033b1e1e2517ae32270b81
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: order-82148214124.vbs
  - Resource: win7-20220715-en
- Behavioral task: behavioral2
  - Sample: order-82148214124.vbs
  - Resource: win10-20220715-en
Malware Config
- Extracted URL: https://royaltpita.com/wp-admin/maint/enc.txt
- Extracted family: asyncrat
  - Version: 0.5.7B
  - Botnet: Now
  - C2: moaaaza.com:9090
  - Mutex: AsyncMutex_6SI8OkPnk
  - delay: 3
  - install: false
  - install_folder: %AppData%
Targets
- Target: order-82148214124.VBS
- Size: 377B
- MD5 / SHA1 / SHA256 / SHA512: identical to the hashes listed under General above
Score: 10/10

Signatures
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
- Blocklisted process makes network request
- Registers COM server for autorun
- Suspicious use of SetThreadContext