General
-
Target
41eb6115196af3892e27dba0a38c0376900f7d96b0e5721e4383b5e75d7379e7.vbs
-
Size
112KB
-
Sample
241002-dwxt9avcll
-
MD5
f182482644ecb63bbc8c1dac4fa0be31
-
SHA1
e946d969c0f37ae9b56d4851fd1f3dfa79f3c4a9
-
SHA256
41eb6115196af3892e27dba0a38c0376900f7d96b0e5721e4383b5e75d7379e7
-
SHA512
f5e1cbe338fb5252a00068a7dcd119f91b5a8d5e766725c609e3a68f1f02c91cc4dabf70ae88457c005f8d8ef592f34336f7e087de2514d6d3b26f4cce04a60e
-
SSDEEP
768:aNLgVRXrFjNlww2JSTnnLIJhG/Hqgt5pDt5j2GwgvxXy7yPcbE:qqXJZ6STnLIJh8qgt5pz2GwgvxXy73Q
Static task
static1
Behavioral task
behavioral1
Sample
41eb6115196af3892e27dba0a38c0376900f7d96b0e5721e4383b5e75d7379e7.vbs
Resource
win7-20240903-en
Malware Config
Extracted
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
Extracted
asyncrat
1.0.7
KLLL
148.113.165.11:3236
Dggx_gg
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-