General
Target: astro-grep-setup.exe.doc
Size: 1.4MB
Sample: 210717-zwpczbp9h6
MD5: 9c3d3679ea84ff9bf67bf8c7aa2afc48
SHA1: 0470d616e8918ef03098741bf7fb0b313bb8aaea
SHA256: 2f5639932c7a25cf51737748cdc495367a9203e0a963f930f0009935109da190
SHA512: 6896ad9abbbaa7760825d40086270f649a82a1291798173764e20deb7a5ef7a2f4070e247f27210f77341d70b6ed7215fa72a1711210610b428fcce39006af53
Static task: static1
Behavioral task: behavioral1
Sample: astro-grep-setup.exe.doc
Resource: win7v20210408
Malware Config
Extracted: asyncrat 0.5.7B null:null Mutex_6SI8OkPnk
aes_key: ZgOTIhSVzSTSosv4ITYrzailHXWOHyEM
anti_detection: true
autorun: true
bdos: false
delay: SWARM-SHOP
host: null
hwid: 20
install_file:
install_folder: %AppData%
mutex: Mutex_6SI8OkPnk
pastebin_config: https://pastebin.com/raw/VTByvKGM
port: null
version: 0.5.7B
Targets
Target: astro-grep-setup.exe.doc
Size: 1.4MB
Hashes: same MD5, SHA1, SHA256 and SHA512 as listed under General
Signatures:
  Async RAT payload
  Executes dropped EXE
  Loads dropped DLL
  Legitimate hosting services abused for malware hosting/C2