General
-
Target
7254_output.vbs
-
Size
203KB
-
Sample
241222-yylvzsxnd1
-
MD5
02081ae0dbab5cbb3ba6fb3d316bb850
-
SHA1
0b422b950e717427ec53709384b214433871f78b
-
SHA256
f93f8db130adb1cb891c6a8591d1c2f518a4ba3d5aed98d1e7b530030b0297bb
-
SHA512
7ae8c0859f25c7cecaa0be83d5ac99d20bde7287ef1f49ddd3114d4683c8ec05a2947f0c0d27b62ea5b4b0764d6ae0a104ffa7d6d84a46b1bd0ecb1eac9d718d
-
SSDEEP
1536:abfH0KjxZkPuIqVvsPX9ZvPcL6pVIxQz4EEmgEUUQt7xLVCf:a7H0KjYSds/9ZXCnjIK7pV2
Static task
static1
Behavioral task
behavioral1
Sample
7254_output.vbs
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
7254_output.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
7254_output.vbs
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
asyncrat
0.5.8
Default
jt8iyre.localto.net:2101
jt8iyre.localto.net:55644
AbAUwI3PK3e3
-
delay
3
-
install
false
-
install_file
winserve.exe
-
install_folder
%AppData%
Targets
-
-
Target
7254_output.vbs
-
Size
203KB
-
MD5
02081ae0dbab5cbb3ba6fb3d316bb850
-
SHA1
0b422b950e717427ec53709384b214433871f78b
-
SHA256
f93f8db130adb1cb891c6a8591d1c2f518a4ba3d5aed98d1e7b530030b0297bb
-
SHA512
7ae8c0859f25c7cecaa0be83d5ac99d20bde7287ef1f49ddd3114d4683c8ec05a2947f0c0d27b62ea5b4b0764d6ae0a104ffa7d6d84a46b1bd0ecb1eac9d718d
-
SSDEEP
1536:abfH0KjxZkPuIqVvsPX9ZvPcL6pVIxQz4EEmgEUUQt7xLVCf:a7H0KjYSds/9ZXCnjIK7pV2
-
Asyncrat family
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-