General
Target: Zakaz na pokupku 21-10-2021.doc
Size: 4KB
Sample: 211021-wkp95sbeap
MD5: e205f10f887754bd65281f14c25c0f21
SHA1: b356aab56ba5eb993326e4ede7e254e7181aa165
SHA256: 5d77fcbee204c6b9fea6ec4bda5216714e2e46f4247f673956e64e36a9c3424d
SHA512: cd43d1cb4193ef5aa4f77a290e186a4e87d55f42a61b502cbc2beeb2044613855e82553effca9f6bcda5cd4174c8c0ce6989774530c3b68c7a612ba26c2ef0a2
Static task: static1
Behavioral task: behavioral1
  Sample: Zakaz na pokupku 21-10-2021.doc
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Zakaz na pokupku 21-10-2021.doc
  Resource: win10-en-20211014
Malware Config
Extracted: asyncrat
0.5.7B
1
185.157.160.136:1973
df4Rtg34dFjwr7ujp3
anti_vm: false
bsod: false
delay: 38
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Zakaz na pokupku 21-10-2021.doc
Size: 4KB
- BitRAT Payload
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext