General
Target: c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185
Size: 16KB
Sample: 220121-25mmmscda2
MD5: 051a6d10f09ce1aa3e01c6df780a2afa
SHA1: 45bb94b10a08ec7c1f6796c4ad3af44f03db2127
SHA256: c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185
SHA512: 472d03411c2fc30316e58ad432db99bca5c71c173c59920bdd93d267150bf4d465d8e194ba139309530e7ee93dd739889a199c6faf0842b65e4887287a3139cd
Static task: static1
Behavioral task: behavioral1
Sample: c9df97e0eda8b8ee3adc72d68798b6a6e25db8dc29b5e2383e2c80efc8097185.docm
Resource: win7-en-20211208
Malware Config
Extracted
https://cdn.discordapp.com/attachments/744453703574224897/747399246788952064/AsyncClient.exe
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL