Overview

overview

10

Static

static

1

windows.vbs

windows7-x64

10

windows.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    windows.vbs

  • Size

    897KB

  • Sample

    240523-t2j4cahb7s

  • MD5

    5964d98cf06acef50055252add1acc74

  • SHA1

    4fc5206d256394d7e6c9b3fb648bad6e0f714058

  • SHA256

    ca073831a8671f0d5cc9f0149c43b58be3d92b4a7b5a39235b1547acd2e5de28

  • SHA512

    9477633a7073c2753c1df75b6321d8d1b43158c83607e5f0fab69463fb67602eaae708b0c27c0087185cd46c90f9024ac4ded03a38cf91c8154cc771c9a3d29a

  • SSDEEP

    12288:qzTzUyR7hSRac+qkLmttaGgMskgqoiMHsp9NH:UXh+k+taGKqoJONH

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

dhhj.duckdns.org:8797

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      windows.vbs

    • Size

      897KB

    • MD5

      5964d98cf06acef50055252add1acc74

    • SHA1

      4fc5206d256394d7e6c9b3fb648bad6e0f714058

    • SHA256

      ca073831a8671f0d5cc9f0149c43b58be3d92b4a7b5a39235b1547acd2e5de28

    • SHA512

      9477633a7073c2753c1df75b6321d8d1b43158c83607e5f0fab69463fb67602eaae708b0c27c0087185cd46c90f9024ac4ded03a38cf91c8154cc771c9a3d29a

    • SSDEEP

      12288:qzTzUyR7hSRac+qkLmttaGgMskgqoiMHsp9NH:UXh+k+taGKqoJONH

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks