General
Target: office.exe
Size: 47KB
Sample: 230328-bdsrgaaa3y
MD5: f46262d1f88bfd6a7d396bb6bded7569
SHA1: 73ce3ccb3e8a84fdd4e02cf6bcf74104776b44e9
SHA256: 6001c8b4745bd5318ee72783181b6b010e399634c5d6a1195012cf8bfe8b0e24
SHA512: b6aa3196bc786fb28fa4e0bba6f678a16bbf58fb77fc0c5a0185ec5bf5d204e5a4f786329505ee14653aa67ebaf01720852260485f64d4d97d0415ac0e5b4ce1
SSDEEP: 768:uu4X9TskvpDWUPANxmo2qb7rMzERKPI6XFfKgWX0bDzqoy9IYqZ+SrdImSgFayB4:uu4X9TswI2JERz6XFfKgWEbnLye+SJId

Behavioral task
behavioral1
Sample: office.exe
Resource: win7-20230220-en

Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: gan
C2: office-bcr-host.duckdns.org:8080
Mutex: Mutex_6SI8OkPnk
delay: 3
install: true
install_file: Office98.exe
install_folder: %AppData%

Targets
Target: office.exe
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL