General
Target: Inquiry 14 MARCH 2022.doc
Size: 8KB
Sample: 220314-xf75tsbaf2
MD5: 7e923f9ed71605c75cec4a39d9ae9115
SHA1: e298bd1e7090016119eb69d8eaa158b04046026a
SHA256: a78f33c16f2dda006e42cd86aa82adb522c24c9bd2c7583c70007a8a58649b07
SHA512: e5371b267ba5c87c2cf3eb9f1b0ad26dbaee15bbe150af3a4537555a9235fe7dfde85d36d48515b149f8911d46970abd9a0160d17d264c8bf95cce768ba34796
Static task: static1
Behavioral task: behavioral1
  Sample: Inquiry 14 MARCH 2022.rtf
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: Inquiry 14 MARCH 2022.rtf
  Resource: win10v2004-en-20220113
Malware Config
Extracted
asyncrat
0.5.7B
2
212.193.30.54:9524
wyQ92!.,=FT72few
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target
Inquiry 14 MARCH 2022.doc
Score: 10/10
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext