General
-
Target
Fancourier 09032200754RO.doc
-
Size
8KB
-
Sample
220318-l1nfdahddk
-
MD5
dd0d255c24c4f4b30476e4436e8da481
-
SHA1
18ab850d4541e49d22283ce6eccb2982e1d9be9c
-
SHA256
0c13d115f03d22b2d047060e7bad6484849cca98041dc449630e34a7f56b9afe
-
SHA512
ca464f745f276f4ffbaab7c729fe444b050a699ed1af84ca9ceb2c5c42cb5c76fcccc310bfd1d629175ea46d6b04e28b920603d3bf309a6f14ed903e7f613ecf
Static task
static1
Behavioral task
behavioral1
Sample
Fancourier 09032200754RO.rtf
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
Fancourier 09032200754RO.rtf
Resource
win10v2004-en-20220113
Malware Config
Extracted
asyncrat
0.5.7B
2
212.193.30.54:9524
wyQ92!.,=FT72few
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
-
Target
Fancourier 09032200754RO.doc
-
Score
10/10
-
Async RAT payload
-
AsyncRAT
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-