General

  • Target

    test.vbs

  • Size

    633B

  • Sample

    250103-ax2ytaskat

  • MD5

    8442b0a561a39e4d82b56835c5b666ef

  • SHA1

    f1e116a9e31e0b5e66be020bb75d0cd40d3a9840

  • SHA256

    e91990a5e2167c5d030656420a5cc77e10af179c43243da11a99e4286b0dcec3

  • SHA512

    c26b3785aba0147e166632023c83c6568811c9d74f5747a78f772f3b891faedc0731abcf29cda634cde265f8bb8699fccad775eff3b45f76c0c3a29fa694570c

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

GDFjbxc9as

Mutex

Gx0edRwRzsDs0gzwQ

Attributes

  • delay

    1

  • install

    true

  • install_file

    GoogleUpdates.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/QLnQD5yh

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks