Overview

overview

10

Static

static

QJSXA02HNV...02.vbs

windows7-x64

10

QJSXA02HNV...02.vbs

windows10-1703-x64

10

Resubmissions

14-10-2022 18:23

221014-w1l8eseae8 10

14-10-2022 18:13

221014-wt3ltsead3 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QJSXA02HNVFDSA_002.vbs

  • Size

    655KB

  • Sample

    221014-wt3ltsead3

  • MD5

    b4b5d6de250942a76ddee880ee1e79e3

  • SHA1

    cb510fa59d7ffe89105fccd06b987c69fc1b1481

  • SHA256

    7fbc145717d92d4d062cee79cef674462553dfe681333bba48ccd32beb97260b

  • SHA512

    044ed3b0da150486bd45b8484bba90ef094a2ed0ea49162115b59ad5f529633d9f277c9021882d72e2cf672e64afcaad28810170959a0c5490e5c48e97e70a6d

  • SSDEEP

    768:K1TsI0Sed5dQRXaPlSWPk/LCFeu2ka+VLG0:ugZ2Jcy0

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://20.7.14.99/dll/dll_ink.pdf

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

hallmoney927.duckdns.org:6739

hallmoney927.duckdns.org:7301

hallmoney927.duckdns.org:7808

hallmoney927.duckdns.org:8333

hallmoney927.duckdns.org:6112

hallmoney927.duckdns.org:7553
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      QJSXA02HNVFDSA_002.vbs

    • Size

      655KB

    • MD5

      b4b5d6de250942a76ddee880ee1e79e3

    • SHA1

      cb510fa59d7ffe89105fccd06b987c69fc1b1481

    • SHA256

      7fbc145717d92d4d062cee79cef674462553dfe681333bba48ccd32beb97260b

    • SHA512

      044ed3b0da150486bd45b8484bba90ef094a2ed0ea49162115b59ad5f529633d9f277c9021882d72e2cf672e64afcaad28810170959a0c5490e5c48e97e70a6d

    • SSDEEP

      768:K1TsI0Sed5dQRXaPlSWPk/LCFeu2ka+VLG0:ugZ2Jcy0

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks