General
-
Target
c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd .vbs
-
Size
783B
-
Sample
230508-qsewgscf4y
-
MD5
435738f35c2bc815fa7186e07ccbd6cb
-
SHA1
2ad7e8fcbe8f7db3a33c61889cf5e56a48b49dbf
-
SHA256
c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd
-
SHA512
a2ded3dd4924d3acc451d7b26bad2ad847c8e2afb3d753c7a93756eab17bf776266bcd1c44cd9a7718f3a37ac90888f409c98aeca73a3333fde70c61cad986d8
Static task
static1
Behavioral task
behavioral1
Sample
c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd .vbs
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
194.87.151.125:7399
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
c8a2e6686c66c2e7b85cd17c5af1aab79c48abdd6f756bbf9ffd4c4eb0ab77cd .vbs
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-