General
Target: afcd19bfc8c7d2e14b896774c2bc4c37.exe
Size: 571KB
Sample: 220701-w4wk9saean
MD5: afcd19bfc8c7d2e14b896774c2bc4c37
SHA1: e25f7298d5f0f8e241c9c7a5af34e643685ce6bd
SHA256: 0107796696a369ff65f7156be554659e8cba137cdf4af78da7daac9362820737
SHA512: cb196072de8942d28535a8afb66223855308933936d774310eeabea822f3ec894112281c9d5477a1b0f31e6bae55bc1b2b4f665120c83bf2494449ea348dc88f
Static task: static1
Behavioral task: behavioral1
  Sample: afcd19bfc8c7d2e14b896774c2bc4c37.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: afcd19bfc8c7d2e14b896774c2bc4c37.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted:
  asyncrat
  1.0.7
  Nigatex
  nigatex.ml:25565
  huieqwgehqweqduia
delay: 1
install: false
install_file: MpCopyAccelerator.exe
install_folder: %AppData%
Targets
Target: afcd19bfc8c7d2e14b896774c2bc4c37.exe
Score: 10/10
Signatures:
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext