General
Target: viewn.bat
Size: 289B
Sample: 230221-bp32ksfa7v
MD5: d0199e962da6ddb7ef820976f6305cfb
SHA1: a242dfb8a7cb5bc28c5b291ce898997d4bb4b645
SHA256: fe3ecc8083863bdabe36d78b083c191f974a2a54ccc246baa3e7715bc2fc1913
SHA512: 53b6ada79d72ef82e73d696a10733845d34a072528075a4609c492a1cc1bbb3afbebbf7ecc2cd05f10835303362326f4b72e0fef5f2ee0cb8488ee99a6f08276
Static task: static1
Behavioral task: behavioral1
Sample: viewn.bat
Resource: win10-20230220-en
Behavioral task: behavioral2
Sample: viewn.bat
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
95.216.102.32:6606
95.216.102.32:7707
95.216.102.32:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: viewn.bat
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Async RAT payload
Blocklisted process makes network request
Drops startup file
Executes dropped EXE
Adds Run key to start application