General
-
Target
0f2b047310e67d7cd019fcecab748e60.vbs
-
Size
377B
-
Sample
220719-w3qzdsgggq
-
MD5
0f2b047310e67d7cd019fcecab748e60
-
SHA1
a645f62df84cfb673cabedcde468886fc8f4e04a
-
SHA256
e99d298b9699a377758ff12e42670465444329a49b47d51a533365a8f12b91f1
-
SHA512
f54c7ae16c19ec7785972daef9e5607ba0c140677315a07bc21666e2da5b1562ff1d93ca62275ca44a5745d2e763cf819950ee965d033b1e1e2517ae32270b81
Static task
static1
Behavioral task
behavioral1
Sample
0f2b047310e67d7cd019fcecab748e60.vbs
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
0f2b047310e67d7cd019fcecab748e60.vbs
Resource
win10v2004-20220414-en
Malware Config
Extracted
https://royaltpita.com/wp-admin/maint/enc.txt
Extracted
asyncrat
0.5.7B
Now
moaaaza.com:9090
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
0f2b047310e67d7cd019fcecab748e60.vbs
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Async RAT payload
-
Blocklisted process makes network request
-
Registers COM server for autorun
-
Suspicious use of SetThreadContext
-