General
- Target: faktura 0975.doc
- Size: 3KB
- Sample: 210415-1w8ayhdjvn
- MD5: 62f9b4a0d977292a757f209c10d07c59
- SHA1: 2a10128913875339ce33a7790a8afc33299a651b
- SHA256: 81e9b0a91e38aca2347fbd1812c95be2e04a31444629244e1f7a64b84fec45e2
- SHA512: e10369cc642b7af06d1c5ed8a32d3c52fb74dc5efac4b2d6bf6a63c8b4d144507d59c04e1df620b781780c55d3340ae16ba06f36a1a8cd1ac2c2c5f9e418decd
Static task: static1
Behavioral task: behavioral1 (Sample: faktura 0975.doc, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: faktura 0975.doc, Resource: win10v20210410)
Malware Config
Extracted: asyncrat 0.5.7B, 217.64.149.183:1975, AsyncMutex_6SI8OkPnk982
- aes_key: HT9s6QmpqjJcWPeFvj9lPIjlcLXMQsOe
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: 217.64.149.183
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk982
- pastebin_config: null
- port: 1975
- version: 0.5.7B
Targets
- Target: faktura 0975.doc
- Size: 3KB
- MD5: 62f9b4a0d977292a757f209c10d07c59
- SHA1: 2a10128913875339ce33a7790a8afc33299a651b
- SHA256: 81e9b0a91e38aca2347fbd1812c95be2e04a31444629244e1f7a64b84fec45e2
- SHA512: e10369cc642b7af06d1c5ed8a32d3c52fb74dc5efac4b2d6bf6a63c8b4d144507d59c04e1df620b781780c55d3340ae16ba06f36a1a8cd1ac2c2c5f9e418decd
- Async RAT payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext