General

  • Target

    c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd .vbs

  • Size

    783B

  • Sample

    230508-qsewgscf4y

  • MD5

    435738f35c2bc815fa7186e07ccbd6cb

  • SHA1

    2ad7e8fcbe8f7db3a33c61889cf5e56a48b49dbf

  • SHA256

    c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd

  • SHA512

    a2ded3dd4924d3acc451d7b26bad2ad847c8e2afb3d753c7a93756eab17bf776266bcd1c44cd9a7718f3a37ac90888f409c98aeca73a3333fde70c61cad986d8

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

194.87.151.125:7399

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd .vbs

    • Size

      783B

    • MD5

      435738f35c2bc815fa7186e07ccbd6cb

    • SHA1

      2ad7e8fcbe8f7db3a33c61889cf5e56a48b49dbf

    • SHA256

      c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd

    • SHA512

      a2ded3dd4924d3acc451d7b26bad2ad847c8e2afb3d753c7a93756eab17bf776266bcd1c44cd9a7718f3a37ac90888f409c98aeca73a3333fde70c61cad986d8

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks