General
Target
Document #33088.DOCX .js
Size
69KB
Sample
230227-xvje1sfc74
MD5
0189258a89300482417c7727e57d14a6
SHA1
5162b7c1ce9b646632eac2d0fe99b7f8f8369263
SHA256
b3051daf1bb20dfa1cbc49a1da48ad341ed3a3ccb86fa8ba5a264c4e98cdc0e0
SHA512
65349f732e26312b2c06b3559272bfff70f392e7675ccb77b321f579d73439e7fe69f69d9b664e9b97e87e61321ab9ad377b4f503a412eff5d4ce4c614766b49
SSDEEP
1536:xlHFMJ1aan+zqOqb/UQ6USfhartMIbIqsvN65zKpmJWabLWgHxHvMW4B+BGmS5Cp:PFMJ1aan+zqOqb/UQ6USfhartMIbIqsI
Static task
static1
Behavioral task
behavioral1
Sample
Document #33088.DOCX .js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Document #33088.DOCX .js
Resource
win10v2004-20230220-en
Malware Config
Extracted
http://176.113.115.123/o.html
Extracted
http://176.113.115.123/o.png
Extracted
http://176.113.115.123/a.png
Extracted
asyncrat
0.5.7B
Default
176.113.115.123:6606
176.113.115.123:7707
176.113.115.123:8808
AsyncMutex_6SI8OkPnk
delay
3
install
false
install_folder
%AppData%
Targets
Target
Document #33088.DOCX .js
Score 10/10
Async RAT payload
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext