General
-
Target
Doc#27350.doc
-
Size
343KB
-
Sample
220704-wzas1acfc8
-
MD5
85023e48359b4e870cbed0b920b79700
-
SHA1
db4e114dfabeda0a1a903cbe8ba74d0c657a2468
-
SHA256
8db7e417fd4e3745b61868559ebad0429ca000d0dc5db7f24ab256f7e62d0b86
-
SHA512
001c726a71704b348a0878811a93d078e1b639c6b6d131914de48f4c0a33ddfdf26be70840c8055a8c59735ca1017cc6d9c8c421a44f4ff1a697d762c49f195b
Static task
static1
Behavioral task
behavioral1
Sample
Doc#27350.rtf
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Doc#27350.rtf
Resource
win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Eloasync
91.192.100.7:8282
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
images.exe
-
install_folder
%AppData%
Targets
-
-
Target
Doc#27350.doc
-
Size
343KB
-
MD5
85023e48359b4e870cbed0b920b79700
-
SHA1
db4e114dfabeda0a1a903cbe8ba74d0c657a2468
-
SHA256
8db7e417fd4e3745b61868559ebad0429ca000d0dc5db7f24ab256f7e62d0b86
-
SHA512
001c726a71704b348a0878811a93d078e1b639c6b6d131914de48f4c0a33ddfdf26be70840c8055a8c59735ca1017cc6d9c8c421a44f4ff1a697d762c49f195b
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-