General
Target: usps54732563.vbs
Size: 523B
Sample: 220729-wx6snabhd8
MD5: f83e436ca7acf3f80ca706e118288f2b
SHA1: 2c760d46c138593186e359bef37a322dd3b73ece
SHA256: 442a2a8f6b9284cdec1fb7ff52faed051cba8337295e550389bbdd7bbc6c8c41
SHA512: 24a1ee24b6fb9387b70fa39ff22204a92dc25c1fbcd51f08fe50c776557ae5bd118bda68cc63e67a236aa3d98cb3add98d3189c4199bd227037e4ea8fdeb7f5a
Static task: static1
Behavioral task: behavioral1
  Sample: usps54732563.vbs
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: usps54732563.vbs
  Resource: win10-20220414-en
Malware Config
Extracted URL: https://clever-ishizaka.45-86-146-20.plesk.page/enc.txt
Extracted AsyncRAT config:
  Version: 0.5.7B
  Botnet: 29/7
  C2: vvat22.con-ip.com:7707
  Mutex: AsyncMutex_6SI8OkPnk (this is the default mutex value shipped in the AsyncRAT source, so it identifies the family, not this particular build or campaign)
  delay: 3 (seconds the client waits before its first connection attempt)
  install: false (the client's own copy-to-install_folder and autorun routine is disabled, so install_folder below is unused by the RAT itself)
  install_folder: %AppData%
Targets
Target: usps54732563.vbs
Size: 523B
MD5: f83e436ca7acf3f80ca706e118288f2b
SHA1: 2c760d46c138593186e359bef37a322dd3b73ece
SHA256: 442a2a8f6b9284cdec1fb7ff52faed051cba8337295e550389bbdd7bbc6c8c41
SHA512: 24a1ee24b6fb9387b70fa39ff22204a92dc25c1fbcd51f08fe50c776557ae5bd118bda68cc63e67a236aa3d98cb3add98d3189c4199bd227037e4ea8fdeb7f5a
Score: 10/10

Signatures
- Process spawned unexpected child process: typically indicates the parent process was compromised via an exploit or macro. For a .vbs sample the parent is the Windows Script Host (wscript.exe), so a child process here is the script launching its next stage rather than an exploit.
- Async RAT payload: the AsyncRAT client was identified and its configuration extracted (see Malware Config above).
- Blocklisted process makes network request: a process the sandbox does not expect to talk to the network directly (script hosts and similar interpreters) opened a connection; compare the extracted URL and C2 above.
- Modifies Installed Components in the registry: writes under Active Setup\Installed Components, which Windows executes at the next user logon, a persistence mechanism. Since the extracted config has install=false, this persistence was not set up by AsyncRAT's own installer but by an earlier stage of the chain.
- Registers COM server for autorun
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext: cross-process use of SetThreadContext is the hallmark of process hollowing and thread-hijacking injection, which is how the AsyncRAT payload is typically placed into a host process.
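As an added example (not part of this sandbox report, the sample, or Triage's own signature code), the following Python pass encodes the indicators from the extracted config and the behaviours in the signature list above as detection rules, and runs them over constructed endpoint telemetry that models the chain: script host retrieves the URL, spawns a child, the child creates the AsyncRAT mutex, connects to the C2 and writes an Active Setup key. The event schema, all PIDs, the child process name (powershell.exe), the hollowed target PID and the Active Setup GUID are assumptions made for illustration; the report does not name them. It generalises slightly beyond the page: it also matches the AsyncMutex_ prefix so a rebuilt client with a changed mutex suffix is still attributed to the family.

```python
from dataclasses import dataclass

# Indicators taken from the report's extracted config
STAGE2_URL = "https://clever-ishizaka.45-86-146-20.plesk.page/enc.txt"
C2_HOST = "vvat22.con-ip.com"
C2_PORT = 7707
MUTEX = "AsyncMutex_6SI8OkPnk"
# AsyncRAT builds its mutex name with this prefix; matching on it catches
# rebuilt clients that changed the default suffix.
ASYNCRAT_MUTEX_PREFIX = "AsyncMutex_"

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Interpreters that should not normally talk to the network directly
NET_BLOCKLIST = SCRIPT_HOSTS | {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
ACTIVE_SETUP = "\\Active Setup\\Installed Components\\"


@dataclass
class Event:
    """One telemetry record; kind is process, network, mutex, registry or api."""
    kind: str
    pid: int
    image: str            # image name of the acting process
    parent: str = ""      # parent image name (process events)
    dst: str = ""         # destination host (network events)
    port: int = 0
    url: str = ""
    name: str = ""        # mutex name, registry key or API name
    target_pid: int = 0   # target of a cross-process API call


def analyse(events):
    """Return (rule, detail) findings for the chain described in the report."""
    findings = []
    script_children = set()
    for e in events:
        img = e.image.lower()
        if e.kind == "process" and e.parent.lower() in SCRIPT_HOSTS:
            script_children.add(e.pid)
            findings.append(("script_host_child", f"{e.parent} -> {e.image} (pid {e.pid})"))
        elif e.kind == "network":
            if img in NET_BLOCKLIST or e.pid in script_children:
                findings.append(("blocklisted_net", f"{e.image} -> {e.dst}:{e.port}"))
            if e.url == STAGE2_URL:
                findings.append(("stage2_url", e.url))
            if e.dst.lower() == C2_HOST and e.port == C2_PORT:
                findings.append(("asyncrat_c2", f"{e.dst}:{e.port}"))
        elif e.kind == "mutex":
            if e.name == MUTEX:
                findings.append(("asyncrat_mutex", e.name))
            elif e.name.startswith(ASYNCRAT_MUTEX_PREFIX):
                findings.append(("asyncrat_mutex_pattern", e.name))
        elif e.kind == "registry" and ACTIVE_SETUP in e.name:
            findings.append(("active_setup_persistence", e.name))
        elif e.kind == "api" and e.name == "SetThreadContext" and e.target_pid not in (0, e.pid):
            # SetThreadContext on a thread of another process: hollowing / thread hijack
            findings.append(("cross_process_setthreadcontext", f"{e.image} -> pid {e.target_pid}"))
    return findings


def verdict(findings):
    """Family attribution only when a family-specific indicator (C2 or mutex) hit."""
    rules = {r for r, _ in findings}
    if rules & {"asyncrat_c2", "asyncrat_mutex", "asyncrat_mutex_pattern"}:
        return "asyncrat"
    return "suspicious" if rules else "clean"


# Constructed telemetry modelled on the report: PIDs, the child process name,
# the SetThreadContext target PID and the Active Setup GUID are invented.
SAMPLE_EVENTS = [
    Event("process", 100, "explorer.exe"),
    Event("process", 200, "wscript.exe", parent="explorer.exe"),      # user opens usps54732563.vbs
    Event("network", 200, "wscript.exe", dst="clever-ishizaka.45-86-146-20.plesk.page",
          port=443, url=STAGE2_URL),
    Event("process", 300, "powershell.exe", parent="wscript.exe"),    # constructed child
    Event("api", 300, "powershell.exe", name="SetThreadContext", target_pid=301),
    Event("mutex", 300, "powershell.exe", name=MUTEX),
    Event("network", 300, "powershell.exe", dst=C2_HOST, port=C2_PORT),
    Event("registry", 300, "powershell.exe",
          name=r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}"),
    Event("network", 400, "chrome.exe", dst="example.com", port=443),  # benign, no finding
]

if __name__ == "__main__":
    results = analyse(SAMPLE_EVENTS)
    for rule, detail in results:
        print(f"{rule:32} {detail}")
    print("verdict:", verdict(results))
```

The rules are deliberately split into behaviour rules (script host child, blocklisted network, Active Setup write, cross-process SetThreadContext), which survive a rebuilt sample, and indicator rules (URL, C2, mutex), which are cheap but specific to this report; verdict() attributes the family only on the latter.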