General

Target: 177.xlsx
Size: 176KB
Sample: 220705-pf2ztaahf5
MD5: 5ffe37b62296142c38cd3660a5c15351
SHA1: 472afded700a957d3a862cc49c0a7519092d00fb
SHA256: d9c6ae4ceb7ede24afeb4c598e3fef327002b6583272a4fa07ba868578d3d62a
SHA512: 85f3b64ebe22cf5fa505c6f0611745146a45c91a20ff22761174d101d02d0851af381491df485f431e639f45ed734ada373043cb76ccda302a6a9289b1a36f97
Static task: static1

Behavioral task: behavioral1
Sample: 177.xlsx
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 177.xlsx
Resource: win10v2004-20220414-en
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Group: Default
C2 (host:port):
- 37.0.14.204:2022
- 37.0.14.204:2019
- 37.0.14.204:5631
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%

Note: with install set to false the client does not copy itself into install_folder or set persistence; %AppData% is only the configured destination. The three ports all point at the same host, so any of them is a usable network indicator.
Targets

Target: 177.xlsx
Size: 176KB
Hashes: as listed under General above.
Suricata alerts:
- ET MALWARE Generic AsyncRAT Style SSL Cert
- ET MALWARE MSIL/GenKryptik.FQRH Download Request
- ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Behavioral signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET command-line compiler, started as a host for the payload)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a step commonly seen in process hollowing and other thread-context injection)
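The extracted config (C2 host and ports, mutex) and the behavioral signatures above are the indicators a responder would actually hunt with. The script below is an added example, not part of the sandbox report: it turns those indicators into three checks and runs them over constructed endpoint telemetry. The event schema, the file paths, the PIDs, the exact parent/child layout of the chain and the inclusion of csc.exe and winword.exe alongside vbc.exe and excel.exe are assumptions made for the example; only the C2 host, ports and mutex name come from the report.

```python
"""Added example: match this report's AsyncRAT indicators against endpoint telemetry.

Not part of the sandbox report. The event schema and the sample events below are
constructed for illustration; only C2_HOST, C2_PORTS and MUTEX come from the report.
"""
from collections import Counter

# Indicators copied from the report's "Malware Config" block.
C2_HOST = "37.0.14.204"
C2_PORTS = {2022, 2019, 5631}
MUTEX = "AsyncMutex_6SI8OkPnk"

# Process names for the "Uses the VBS compiler for execution" signature.
# The report names vbc.exe; csc.exe and winword.exe are assumptions added here
# because they sit in the same abuse pattern, not something the report states.
OFFICE_HOSTS = {"excel.exe", "winword.exe"}
COMPILERS = {"vbc.exe", "csc.exe"}


def _basename(path):
    """Return the lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_network(ev):
    """Flag a connection to the configured C2 host on one of its configured ports."""
    if ev.get("type") != "network":
        return None
    if ev.get("dst_ip") == C2_HOST and int(ev.get("dst_port", 0)) in C2_PORTS:
        return "asyncrat_c2_connect"
    return None


def check_process(ev):
    """Flag an Office host, or an executable under %AppData%, launching a .NET compiler."""
    if ev.get("type") != "process":
        return None
    image = _basename(ev.get("image", ""))
    parent_path = ev.get("parent_image", "")
    parent = _basename(parent_path)
    if image in COMPILERS and parent in OFFICE_HOSTS:
        return "office_spawns_dotnet_compiler"
    if image in COMPILERS and "\\appdata\\" in parent_path.lower():
        return "appdata_exe_spawns_dotnet_compiler"
    return None


def check_mutex(ev):
    """Flag creation of the mutex name taken from the extracted config."""
    if ev.get("type") == "mutex" and ev.get("name") == MUTEX:
        return "asyncrat_mutex"
    return None


CHECKS = (check_network, check_process, check_mutex)


def scan(events):
    """Run every check over every event; return (rule_name, event) pairs."""
    hits = []
    for ev in events:
        for check in CHECKS:
            rule = check(ev)
            if rule:
                hits.append((rule, ev))
    return hits


# Constructed telemetry: a benign Excel session followed by a chain shaped like
# the report's signatures (Office -> dropped EXE in %AppData% -> vbc.exe -> C2).
# Paths, PIDs and the parent/child layout are assumptions for this example.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "network", "pid": 100, "dst_ip": "13.107.42.14", "dst_port": 443},
    {"type": "process", "pid": 200, "image": r"C:\Users\user\AppData\Roaming\update.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"type": "process", "pid": 300, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"type": "mutex", "pid": 300, "name": MUTEX},
    {"type": "network", "pid": 300, "dst_ip": C2_HOST, "dst_port": 2022},
    {"type": "network", "pid": 300, "dst_ip": C2_HOST, "dst_port": 8080},
]


def summarize(events=SAMPLE_EVENTS):
    """Count hits per rule; this Counter is what a triage script would report."""
    return Counter(rule for rule, _ in scan(events))


if __name__ == "__main__":
    for rule, ev in scan(SAMPLE_EVENTS):
        print(f"{rule}: pid={ev.get('pid')} {ev}")
```

On the constructed events the scan raises three hits: the vbc.exe launch from the %AppData% executable, the mutex, and the connection to 37.0.14.204:2022. The connection to port 8080 on the same host is deliberately not matched, to show that the port set from the config narrows the rule; in a real deployment you would usually alert on the host alone as well, since the operator can change ports without changing the sample.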