Extracted

• • Target

    Tax_Documents.docx

  • Size

    290KB

  • MD5

    e7bc410788af86fe5e41695dd0ae308b

  • SHA1

    8d9f55c90db961ea66993fd03e148b0dc9bcec5b

  • SHA256

    8056c874a9bc6c2204ab4ea45a6f0ef4f2de0302e367695fdfd3599e4509df55

  • SHA512

    2cd785643c49bd7ec7939e2684d9c4d12168d68df8ad554f2a6fcf9908cbd6fda8bc96d85c5828c8cd6085505a9b4348e031a74d30dc22ba9aee818b4e80d320

  Score

  10^/10

  asyncratwarzoneratinfostealerrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Async RAT payload

    rat

  • Warzone RAT Payload

    rat

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2