General
Target: Pratka Econt 5300133634052.doc
Size: 11KB
Sample: 220224-vxj38aeffq
MD5: c13fb5c2889ecf291ba719fa5e598a8d
SHA1: df34705ab05381172150afa03f04ca090427f7f5
SHA256: 30fb07f3d0ff5583e496de2b238d75ef42ced2f66d9f9459e3f26ee87c5d85ce
SHA512: 7ce06e898ff9b77fbb7988266a81b88e899d4ab568c22bce47d2765a3207e82c6e8db8dd3db1f5aecbc5eb9497b9b4b246ae2cc07749f931a353976245414df0
Static task: static1
Behavioral task: behavioral1
  Sample: Pratka Econt 5300133634052.rtf
  Resource: win7-20220223-en
Behavioral task: behavioral2
  Sample: Pratka Econt 5300133634052.rtf
  Resource: win10v2004-en-20220113
Malware Config
Extracted: asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Pratka Econt 5300133634052.doc
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes, which usually indicates an unsuccessful attempt to compromise the parent process.
- Suspicious use of SetThreadContext