General
Target: WINCPU.EXE.exe
Size: 397KB
Sample: 221013-pt2wzaebe6
MD5: 52195e2a7f97c64cae5e8a29526e331b
SHA1: 8b9ba509ab3708ca6c3ddc9e6b2159b6c8b3a757
SHA256: a43109ea48654a6991a1b53ac29b54cec0dcf75cf0228ea661a40d8b976c1c2b
SHA512: 44178e0ea91eb402fce4b4d496f550c3ec1483130af840e867d0086a564695f41a32789882caf5b25bd908b46668330dc7b266599f04a5f451e113fcf881889b
SSDEEP: 6144:qXMHJuU7CtrrwR9LXc5XQlDRHspjwYOvFoDngLV6yuY1HeO:q6bCprwRJsNTpjwYk+DnGVZu0+O
Static task: static1
Behavioral task: behavioral1
Sample: WINCPU.EXE.exe
Resource: win7-20220812-en
Malware Config
Extracted: asyncrat
Version: 0.5.6A
C2:
45.74.4.244:6606
45.74.4.244:7707
45.74.4.244:8808
servtle284 (unlabelled in the extract; this slot in an AsyncRAT config is normally the mutex name, so treat it as a likely mutex indicator)
delay: 5 (seconds the client sleeps before it starts)
install: true
install_file: wintskl.exe
install_folder: %AppData%
All three C2 endpoints share one host; 6606, 7707 and 8808 are the AsyncRAT builder's default ports, so the client may fall back between them. With install set to true, the client copies itself to %AppData%\wintskl.exe and runs from that path, which matches the "Executes dropped EXE" signature below.
Targets
Target: WINCPU.EXE.exe (397KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence that stops the client from running in particular countries.
- Loads dropped DLL
- Suspicious use of SetThreadContext: writing another thread's context is characteristic of process hollowing (RunPE-style injection), a common way AsyncRAT loaders run the payload inside a legitimate host process.
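To turn the extracted config and the "Executes dropped EXE" signature above into something that can be run against telemetry, the following added example (not part of the report or of any sandbox tooling) matches the C2 host and ports, the sample hash and the %AppData%\wintskl.exe install path against log records. The firewall lines and Sysmon-style process events are constructed for the example; the hash of the dropped copy is not given in the report, so it is a placeholder.

```python
"""IOC matching for the AsyncRAT configuration extracted in the report above.

Added example, not part of the report. Indicators are copied from the
report; the log lines and process events below are constructed.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Indicators taken from the extracted config and the hash list.
C2_HOST = "45.74.4.244"
C2_PORTS = frozenset({6606, 7707, 8808})
INSTALL_FILE = "wintskl.exe"
SAMPLE_SHA256 = "a43109ea48654a6991a1b53ac29b54cec0dcf75cf0228ea661a40d8b976c1c2b"


@dataclass(frozen=True)
class Hit:
    kind: str        # "c2-port", "c2-host", "install-path" or "sample-hash"
    indicator: str   # the matched value
    record: str      # the log line or image path that matched


# Constructed firewall-style connection log (hypothetical, not from the report).
SAMPLE_NET_LOG = """\
2022-10-13T14:02:11Z ALLOW 10.0.5.23:51344 -> 45.74.4.244:6606 TCP
2022-10-13T14:02:12Z ALLOW 10.0.5.23:51345 -> 142.250.74.46:443 TCP
2022-10-13T14:02:40Z DENY  10.0.5.23:51390 -> 45.74.4.244:7707 TCP
2022-10-13T14:03:01Z ALLOW 10.0.5.23:51402 -> 45.74.4.244:443 TCP
"""

NET_RE = re.compile(
    r"^\S+\s+\S+\s+\S+\s+->\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)(?:\s|$)"
)


def match_network(log: str) -> list[Hit]:
    """Flag connections to the C2 host.

    An exact host:port match is a high-confidence hit. A different port on the
    same host is still reported, at lower confidence, because the operator can
    rebuild the client with new ports while keeping the host.
    """
    hits: list[Hit] = []
    for line in log.splitlines():
        m = NET_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        port = int(m["port"])
        kind = "c2-port" if port in C2_PORTS else "c2-host"
        hits.append(Hit(kind, f"{C2_HOST}:{port}", line))
    return hits


# Constructed Sysmon-style process-creation records (hypothetical). The dropped
# copy's hash is not in the report, so a placeholder is used for it.
SAMPLE_PROC_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\WINCPU.EXE.exe", "SHA256": SAMPLE_SHA256},
    {"Image": r"C:\Users\alice\AppData\Roaming\wintskl.exe", "SHA256": "0" * 64},
    {"Image": r"C:\Windows\System32\svchost.exe", "SHA256": "1" * 64},
]


def is_install_path(image: str) -> bool:
    """True if the image is INSTALL_FILE directly under a user's roaming AppData.

    %AppData% expands to <profile>\\AppData\\Roaming on Windows 7 and later, so
    the check is on that directory suffix rather than on a literal "%AppData%".
    """
    head, tail = ntpath.split(image)
    return (
        tail.lower() == INSTALL_FILE
        and head.lower().endswith(ntpath.join("appdata", "roaming"))
    )


def match_process_events(events: list[dict]) -> list[Hit]:
    """Flag the original sample by hash and the persisted copy by path."""
    hits: list[Hit] = []
    for ev in events:
        image = ev["Image"]
        if ev.get("SHA256", "").lower() == SAMPLE_SHA256:
            hits.append(Hit("sample-hash", SAMPLE_SHA256, image))
        if is_install_path(image):
            hits.append(Hit("install-path", image, image))
    return hits


if __name__ == "__main__":
    for hit in match_network(SAMPLE_NET_LOG) + match_process_events(SAMPLE_PROC_EVENTS):
        print(f"{hit.kind:13} {hit.indicator}  <- {hit.record}")
```

The path check deliberately matches only the exact install location rather than any file named wintskl.exe, and the host-only network hit is kept separate from the host:port hit so the two can be triaged at different priorities; a rebuilt client on the same host would otherwise be missed entirely.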