General
-
Target
UH6AS_4698_output.vbs
-
Size
203KB
-
Sample
241227-3ymvhasnck
-
MD5
4b6a750839856ab620fbdfc0250b3efd
-
SHA1
95474dd9bcf969c408911fa7500dc3ccc6416596
-
SHA256
41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d
-
SHA512
0ce01f73301a57ca6dfacd135705f8662ba2cdd390da4afb0f9af27135f494da93d24fe5489a92de0f50766c63cef6b13db1095751f4c9f22f52d7aad87f8357
-
SSDEEP
1536:abfH0Kj6qf7ANcXh5/vLQbFj7zy4XGCeehA5ID0ZG5xwzA7nogV6EAmqZlJ2B:a7H0Kj6iEij49XGCecA25qgoOilJo
Static task
static1
Behavioral task
behavioral1
Sample
UH6AS_4698_output.vbs
Resource
win7-20241010-en
Malware Config
Extracted
asyncrat
0.5.8
Default
87.120.113.125:2101
87.120.113.125:55644
E0GLVPl3iUqi
-
delay
3
-
install
false
-
install_file
winserve.exe
-
install_folder
%AppData%
Targets
-
-
Target
UH6AS_4698_output.vbs
-
Size
203KB
-
MD5
4b6a750839856ab620fbdfc0250b3efd
-
SHA1
95474dd9bcf969c408911fa7500dc3ccc6416596
-
SHA256
41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d
-
SHA512
0ce01f73301a57ca6dfacd135705f8662ba2cdd390da4afb0f9af27135f494da93d24fe5489a92de0f50766c63cef6b13db1095751f4c9f22f52d7aad87f8357
-
SSDEEP
1536:abfH0Kj6qf7ANcXh5/vLQbFj7zy4XGCeehA5ID0ZG5xwzA7nogV6EAmqZlJ2B:a7H0Kj6iEij49XGCecA25qgoOilJo
-
Asyncrat family
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-