General
-
Target
sample.ppt
-
Size
224KB
-
Sample
210305-v3pe2f2w5s
-
MD5
f93b770274956fb4b09e4962a45c32da
-
SHA1
8e295f26e68ea595aaee521db9d29d39425ffbb1
-
SHA256
56dd6d0c5eacf5a7ec7233c4acb4cf97df95f66ed5d4d4880dca62f6b4b27a69
-
SHA512
98856b284df590ec1bf8e4edeab529315a3115a9f7d1a277328fa6ad4fcf25fa120b814a5714148df05386ff4d738523b3bec1617745631a766efab5cf95ced0
Static task
static1
Behavioral task
behavioral1
Sample
sample.ppt
Resource
win7v20201028
Behavioral task
behavioral2
Sample
sample.ppt
Resource
win10v20201028
Malware Config
Extracted
asyncrat
0.5.7B
micomico.ddns.net:4000
AsyncMutex_6SI8OkPnk
-
aes_key
xHd6d9DzQMkRsJZC7bi0eTRsEMK6w0Yc
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
2021comecou@$gringoooooobrabao
-
host
micomico.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
4000
-
version
0.5.7B
Targets
-
Target
sample.ppt
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Async RAT payload
-
Blocklisted process makes network request
-
Adds Run key to start application
-