General
Target: justificantes anticipos.xlsx
Size: 228KB
Sample: 211116-r1zfjaeca3
MD5: 0f90a8b479829e0c19abc92b17a6a27f
SHA1: 683a157e611f489df9355f97d0bb1adcde7dd7d1
SHA256: 9c853e5a73997e25ef20fcf2207ce105c05272943973eae6921d317ca2e84186
SHA512: a6d8cfe021b003e58f7983574000e948b88bbb4897d93f2fc118f245aca2ad702a2b8af93caa31bf22f50f762377c6f8cbd47fcb6d1d8cfded21105145d54566
Static task: static1
Behavioral task: behavioral1 (sample: justificantes anticipos.xlsx, resource: win7-en-20211014)
Behavioral task: behavioral2 (sample: justificantes anticipos.xlsx, resource: win10-en-20211104)
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: 202.55.133.118:5200
Mutex: DcRatMutex_qwqdanchun
anti_vm: false
bsod: false
delay: 1
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: justificantes anticipos.xlsx (228KB; same hashes as listed under General)
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext