General

  • Target

    23052024_1336_SISTEMA DE DENUNCIA VIRTUAL.vbs

  • Size

    1.9MB

  • Sample

    240523-qwm19sda3y

  • MD5

    f86fb7345ac89dc3869f3537daab76bf

  • SHA1

    9b20bac5d8749b33c41388b7fc463d88bfc27ccb

  • SHA256

    ba58d6dc439454f2c37f8658c1d0b61446a3cf9aea0e22916e1ee5a4a396cbb9

  • SHA512

    b993ef1bfef599871b1cb4ba94a556d456fe80663db32702fe3727ad6e72c2421799781a1b4afb2a1a1904e896de0e236269d8f8bd6a67bdd45c90c92d631695

  • SSDEEP

    768:hRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRz/:DAc

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://pasteio.com/download/xDy3ge3eELDi

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

febrerososte.duckdns.org:2020

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      23052024_1336_SISTEMA DE DENUNCIA VIRTUAL.vbs

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks