General
Target: Fancourier 09032200754RO.doc
Size: 12KB
Sample: 220315-rf5rtacdh4
MD5: 881bdb65541039b84660ea9110721e8b
SHA1: 006488987324324f2b89dd58c743d86a29f91ec6
SHA256: 9d4dde887284965c3da6bcacaaf612544dc56fa72898d10d1028b006023bcf26
SHA512: e3d214a26fb1bedd33eafa31fb2b9b3dc8f1900015c2014177c383ef05878f6cea5dc1a277ee5d685d1127bda7ea7dbd007ca2579447a80ac876831809a2b43f
Static task
static1

Behavioral task
behavioral1
Sample: Fancourier 09032200754RO.rtf
Resource: win7-20220311-en

Behavioral task
behavioral2
Sample: Fancourier 09032200754RO.rtf
Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
C2: 212.193.30.54:9524
Other extracted values (unlabeled in the report): 2, wyQ92!.,=FT72few
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: Fancourier 09032200754RO.doc
Size: 12KB
MD5, SHA1, SHA256, SHA512: as listed under General
Score: 10/10
Signatures:
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext