General
Target: DOC_20221012_094045716.zip
Size: 482KB
Sample: 221015-mrqd2sfebk
MD5: 8f9e62cd65fb0bbc8807f1906cbbbb71
SHA1: 2811a521346d392a2c99e3c5877ab879b822dbf7
SHA256: 7a1294dd26b7c726bc22f9771ca66d8ce6191bd6aa91154059965dcdc0f7510d
SHA512: 47761b47fa132cdcc6340f4d8d9324c370ed367eccf6a0f47713a74aa99ca6c4b0658c47b2e3ba43075043203629c68d062085ad6372b4f585358e6ad7b232aa
SSDEEP: 1536:MhpKvNInlI8JFcwy7qr3WRe1nAmbn8qJxd548LDEw1rdgP0iY6:MXKvalI8HRCReb8E548L5ddg8d6
Static task: static1
Behavioral task: behavioral1
Sample: DOC_20221012_094045716.scr
Resource: win7-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
Oct 11
donzola.duckdns.org:2000
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: DOC_20221012_094045716.scr
Size: 406.0MB
MD5: e95cc5f4f2be88cdd778ddb951e287e4
SHA1: 478fca06aeb68ab97d2e99c1436b4cc3370ec6d9
SHA256: e5b25e4f90530ff9fad1f617d8347f497a8bdba07e707f522564132a5bfab0b5
SHA512: 23f420f9e904ab6b2d8954ef2232cd8b84560c8f856bc83e74d8eb17228def2dc6be09db8aa7f8a67d5914be2e2e228cd483d818602a79397f96c709c5e5c49a
SSDEEP: 3072:M+rR+Y6VgvQdJK0vtNZg/V7S+O+dvvAun:M+BFI3vtNZNH+dv
Async RAT payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext