General
Target: Fancourier 09032200754RO.doc
Size: 9KB
Sample: 220314-xemgqsbad8
MD5: afaba454894f4a81bd7bddab3deec9f2
SHA1: f781efbf3b7270e429a79e7410db0b1c62a502e2
SHA256: 0ee87c38a46c1e2c3e7d21e0108b12b78b2083eee3bb9beee031fcd6340d3632
SHA512: 931e8c92a64501439b002400cd1d38392c44fd7a4819796d0aebe06f5a9f612d0da74048217c3ab53cf92a14be260732971560646a1701bf49c5b8171ef3a72a
Static task: static1
Behavioral task: behavioral1
Sample: Fancourier 09032200754RO.rtf
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: Fancourier 09032200754RO.rtf
Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
2
C2: 212.193.30.54:9524
wyQ92!.,=FT72few
Attributes
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Fancourier 09032200754RO.doc
Size: 9KB
MD5: afaba454894f4a81bd7bddab3deec9f2
SHA1: f781efbf3b7270e429a79e7410db0b1c62a502e2
SHA256: 0ee87c38a46c1e2c3e7d21e0108b12b78b2083eee3bb9beee031fcd6340d3632
SHA512: 931e8c92a64501439b002400cd1d38392c44fd7a4819796d0aebe06f5a9f612d0da74048217c3ab53cf92a14be260732971560646a1701bf49c5b8171ef3a72a
Score: 10/10
Signatures
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
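As an added example, not part of the sandbox report itself, the Python below turns the indicators on this page into checks a responder can run: the four file hashes from the General and Targets blocks, and the C2 endpoint from the extracted AsyncRAT config. It hashes a file with every algorithm the report quotes (so a feed that only carries SHA1, or a transcription error in one digest, is still caught), emits a Suricata rule for the C2 endpoint, and scans flow-log lines for connections to it. The flow lines and the rule `sid` are constructed for the example and do not come from the sandbox run. One caveat a practitioner would want: the C2 address is a point-in-time indicator from a March 2022 detonation, so confirm it is still live or still attributed before turning it into a block rule.

```python
"""IOC handling for the AsyncRAT report above (added example, not report content).

Hashes and the C2 endpoint are copied from the report; the flow-log lines at
the bottom are constructed test data, not captures from the sandbox run.
"""
import hashlib
import ipaddress
import re

# File-hash IOCs exactly as listed in the report for the 9 KB lure document.
REPORT_HASHES = {
    "md5": "afaba454894f4a81bd7bddab3deec9f2",
    "sha1": "f781efbf3b7270e429a79e7410db0b1c62a502e2",
    "sha256": "0ee87c38a46c1e2c3e7d21e0108b12b78b2083eee3bb9beee031fcd6340d3632",
    "sha512": "931e8c92a64501439b002400cd1d38392c44fd7a4819796d0aebe06f5a9f612d"
              "0da74048217c3ab53cf92a14be260732971560646a1701bf49c5b8171ef3a72a",
}

# C2 endpoint from the extracted AsyncRAT config ("host:port").
REPORT_C2 = "212.193.30.54:9524"


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_hashes(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Names of the algorithms under which `data` matches the IOC set.

    Checking every algorithm rather than MD5 alone means a feed that carries
    only one digest still hits, and a match on some algorithms but not others
    flags a bad entry in the IOC set rather than a clean file.
    """
    digests = hash_bytes(data)
    return [algo for algo, value in iocs.items()
            if algo in digests and digests[algo] == value.lower()]


def parse_c2(endpoint: str) -> tuple:
    """Split 'host:port' into (ip, port), validating both parts."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))   # raises ValueError on garbage
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in C2 endpoint: {endpoint}")
    return str(ip), port_num


def suricata_rule(endpoint: str, sid: int) -> str:
    """Emit a Suricata/Snort rule alerting on outbound traffic to the C2.

    `sid` is a hypothetical local rule id; choose one from your own range.
    """
    ip, port = parse_c2(endpoint)
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"AsyncRAT C2 {ip}:{port} (tria.ge 220314-xemgqsbad8)"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


# Minimal flow-log line: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
_FLOW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)")


def scan_flows(lines, endpoint: str = REPORT_C2) -> list:
    """Return (timestamp, src_ip) for every flow to the C2 host and port."""
    ip, port = parse_c2(endpoint)
    hits = []
    for line in lines:
        m = _FLOW_RE.match(line)
        if m and m.group(4) == ip and int(m.group(5)) == port:
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample flows (not from the sandbox run): one hit on the C2
# port, one unrelated HTTPS flow, one flow to the C2 host on another port.
SAMPLE_FLOWS = [
    "2022-03-14T10:01:02Z 10.0.0.23:51522 -> 212.193.30.54:9524",
    "2022-03-14T10:01:05Z 10.0.0.23:51523 -> 93.184.216.34:443",
    "2022-03-14T10:02:09Z 10.0.0.41:49876 -> 212.193.30.54:80",
]

if __name__ == "__main__":
    print(suricata_rule(REPORT_C2, 9000001))
    print(scan_flows(SAMPLE_FLOWS))
    print(matching_hashes(b"not the sample"))
```

`scan_flows` matches on host and port together because the port is part of the extracted config; the third sample line, to the same host on port 80, is deliberately not reported. When hunting more broadly, drop the port comparison and treat any contact with the host as worth a look.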