General
-
Target
25022025_1548_Swiftcopy_MT103_Balance_Payment_Confirm_Reference000000000000000000000000_pdf.vbs.zip
-
Size
40KB
-
Sample
250225-s8ypmstpx5
-
MD5
81a953d1ba9c1899b45d3193dc7ec3bc
-
SHA1
80863dd0ef35c2eb8f398e3918b49e35053ee6a7
-
SHA256
f356475608d51af913f6b81609564b19e47f23b30aebde8944867a21d07d9103
-
SHA512
44a92ee89586308db51f48346bffccd4361b04e288b5109ce02c08ea8422161ff90549a7cd3512ae78f0c5dcaccc2acf041e792bf16f47ba8e5f18309702258c
-
SSDEEP
768:qgqdQJxPN8NYd8SCQHCLV/+iwoMdBfjSiRQLIn6ooKvKs388e:qXd0xPN8NYdBCQHCLVWDoMdBBQSo08D
Malware Config
Extracted
asyncrat
0.5.8
Default
billionairewealthz.duckdns.org:3880
billionairewealthz.duckdns.org:3890
billionairebankz.duckdns.org:3880
billionairebankz.duckdns.org:3890
tricodersbankz.freemyip.com:3880
tricodersbankz.freemyip.com:3890
Btu9FjkpB23b
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Swiftcopy_MT103_Balance_Payment_Confirm_Reference000000000000000000000000_pdf.vbs
-
Size
78KB
-
MD5
7d6d78a570ec3a06ed4951b100bae952
-
SHA1
2e10134fc256a1bfe57862f69c83fc7f93949897
-
SHA256
79d97c2eba527a05d8cda6cec044210589b077f52e421753680d60c43307cf2c
-
SHA512
4508aff8dac72984d66f3eb5ef4eac52f120428a9fa9c0e278fa6f0284aa3a1b88dc88842732855e508ecbfa5ef437a21f01a65b992031f62c892123414377b9
-
SSDEEP
1536:+GZt0fSE6gUXAXbAiCsj9O4THNXQ4evC65EmJx7gjGSq2FjqGJDvHA/goVP8nJ:+xbv44DNXQxvC66oxiq9+Dvyg2P8nJ
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-