General
- Target: Anfrage Schweiz.doc
- Size: 3KB
- Sample: 220210-vza84aafak
- MD5: 4c7380ca7d98489df3ca858c2e39127f
- SHA1: cfcf194ed9a7c4ef48201b062186bf6b7e793b2c
- SHA256: 2200158c41a2516e208d5b1c730dd422537334e9712d0c350810d11b26b6fc65
- SHA512: 0b093dbe35462e05b36a8cbb444024a48c8e562974de3b6e19a1da40a5fcb76f193e125464cd725d2a32c8050d1cc6cba38f42ba710ab907971381e2b65bcaa9
Static task
- static1

Behavioral task
- behavioral1
- Sample: Anfrage Schweiz.rtf
- Resource: win7-en-20211208

Behavioral task
- behavioral2
- Sample: Anfrage Schweiz.rtf
- Resource: win10v2004-en-20220113
Malware Config
Extracted
- asyncrat
- 0.5.7B
- 1
- 212.193.30.54:8754
- gyQ12!.,=FDpsdf2_@
- anti_vm: false
- bsod: false
- delay: 3
- install: false
- install_folder: %AppData%
- pastebin_config: null
Targets
- Target: Anfrage Schweiz.doc
- Size: 3KB
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext