General
Target: Pratka Econt 5300133634052.doc
Size: 12KB
Sample: 220223-svrdeabhem
MD5: b05bf67b8b2bf8f784d43aa9b51f5336
SHA1: 720e2c6b17b784db0a1424f998c5b9e698628dcf
SHA256: 1e2fdb811fe57821ee77f20c66996c8a52c64cd819326bf92f94976ed190d811
SHA512: 36c19b8c9e3dfcab7183caa20534e87333c4c1679eed225d28e7b78f52999c031be125a503dc589084ecd389e06d960c9d89284561f69335c642f8c2112e71d3
Static task: static1
Behavioral task: behavioral1
Sample: Pratka Econt 5300133634052.rtf
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Pratka Econt 5300133634052.rtf
Resource: win10v2004-en-20220113
Malware Config
Extracted: asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Pratka Econt 5300133634052.doc
Size: 12KB
Score: 10/10
Signatures:
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext