General
Target: QJSXA02HNVFDSA_002.vbs
Size: 655KB
Sample: 221014-wt3ltsead3
MD5: b4b5d6de250942a76ddee880ee1e79e3
SHA1: cb510fa59d7ffe89105fccd06b987c69fc1b1481
SHA256: 7fbc145717d92d4d062cee79cef674462553dfe681333bba48ccd32beb97260b
SHA512: 044ed3b0da150486bd45b8484bba90ef094a2ed0ea49162115b59ad5f529633d9f277c9021882d72e2cf672e64afcaad28810170959a0c5490e5c48e97e70a6d
SSDEEP: 768:K1TsI0Sed5dQRXaPlSWPk/LCFeu2ka+VLG0:ugZ2Jcy0
Static task: static1
Behavioral task: behavioral1
Sample: QJSXA02HNVFDSA_002.vbs
Resource: win7-20220812-en
Malware Config
Extracted
http://20.7.14.99/dll/dll_ink.pdf
Extracted
asyncrat
0.5.7B
Default
hallmoney927.duckdns.org:6739
hallmoney927.duckdns.org:7301
hallmoney927.duckdns.org:7808
hallmoney927.duckdns.org:8333
hallmoney927.duckdns.org:6112
hallmoney927.duckdns.org:7553
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Async RAT payload
Blocklisted process makes network request
Drops startup file
Suspicious use of SetThreadContext