General
Target: Inquiry 24 FEB 2022.doc
Size: 10KB
Sample: 220224-jjn98sccd5
MD5: 657289d8ae04dadd13f446b97e7f23ae
SHA1: b75268f3acabd538a37c004830c6c5a9bd07af57
SHA256: f865adf4b5445985e0814ce70cc9b32701f1640de72f0facd385e1a5c549bae2
SHA512: 9cb856069fcda83e8dabf9ffddc15bc4f967791f7d01e4ba5ebc68da7cffc33af721714a50671d1ca7222018e2541efab40724df5f96969819a961642211dd68
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry 24 FEB 2022.rtf
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Inquiry 24 FEB 2022.rtf
Resource: win10v2004-en-20220113
Malware Config
Extracted
asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Inquiry 24 FEB 2022.doc
Score: 10/10
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext