General
-
Target
Fancourier 09032200754RO.doc
-
Size
11KB
-
Sample
220311-vp3wcsddgq
-
MD5
61d865a3146022839c682c6129f33c18
-
SHA1
d016f606309a92544592573efc2ed061338464fe
-
SHA256
7d8c96446f4daba6698edbcd0bfb673afeda511922296470c9c1cf89db1f1ab3
-
SHA512
912bd1cd9103ac54246c0f430bc7379d22ffad2d6c4462221d22df95338ef40c7e0f5499bf0202c734820ffd98dba6f88e0951f9966a07bd5c93e92c09d9be42
Malware Config
Extracted
asyncrat
0.5.7B
2
212.193.30.54:9524
wyQ92!.,=FT72few
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
-
Target
Fancourier 09032200754RO.doc
-
Size
11KB
-
MD5
61d865a3146022839c682c6129f33c18
-
SHA1
d016f606309a92544592573efc2ed061338464fe
-
SHA256
7d8c96446f4daba6698edbcd0bfb673afeda511922296470c9c1cf89db1f1ab3
-
SHA512
912bd1cd9103ac54246c0f430bc7379d22ffad2d6c4462221d22df95338ef40c7e0f5499bf0202c734820ffd98dba6f88e0951f9966a07bd5c93e92c09d9be42
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-