General
Target: Factura 0000000065.xll
Size: 638KB
Sample: 220222-j1kndaedf6
MD5: a673f1b64b97384cdb86e148a94188e8
SHA1: 2f924ea70a3a8c7b3c5808af437cb895f90f588a
SHA256: 4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
SHA512: 0eaaf0d09a828b7289e75e3c92bfb70b5a168031b7670f6eb6c74a0104b448b58f9bb30a09295141e23d0ea60b4571d9f0b220b4e61c38fd81197fc31e254002
Static task: static1
Behavioral task: behavioral1
Sample: Factura 0000000065.xll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Factura 0000000065.xll
Resource: win10v2004-en-20220112
Malware Config
Extracted
asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Factura 0000000065.xll
Async RAT payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext