General
Target: 7623_output.vbs
Size: 203KB
Sample: 241224-x3gldsvnbj
MD5: 0277c2765732f368a0b5260a2f100d5f
SHA1: 88b89fa52c3ef01f500c62eaa5d420e51bcd2eb3
SHA256: 20dd257e3dc3a5a45a864ae9de7e13e0800007b1241a5c4bc104a0ba69d9dcf3
SHA512: f11d1b42e1b1255044eb3dcbf3f625506174600c2f36f06847f050cafea8d5001506b34b3beafe5352b925b5dc873af9523aaab83bafde8db9177fa281b1371b
SSDEEP: 1536:abfH0KjpWwyBGjb59fSpcnZmDf+c+CMG3892XEtSPeVDr+HeOubxS8fddN:a7H0KjppKkJSSuf+c+Zo/cP+0bxS81T
Static task: static1
Malware Config
Extracted
asyncrat
0.5.8
Default
jt8iyre.localto.net:2101
jt8iyre.localto.net:55644
E0GLVPl3iUqi
delay: 3
install: false
install_file: winserve.exe
install_folder: %AppData%
Targets
Target: 7623_output.vbs
-
Asyncrat family
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-