Malware Analysis Report

2025-06-16 02:14

Sample ID: 240122-1rpz6sdeap
Target: Vape_Launcher.exe
SHA256: 2809abeff525d504140c1fa73be37d4b5292be1e1a42528e1559075136a3adfb
Tags: asyncrat default rat
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 2809abeff525d504140c1fa73be37d4b5292be1e1a42528e1559075136a3adfb

Threat Level: Known bad

The file Vape_Launcher.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

AsyncRat

Async RAT payload

Nirsoft

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-01-22 21:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-22 21:53
Reported: 2024-01-22 21:57
Platform: win11-20231215-en
Max time kernel: 152s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A (64 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Vape_Launcher.exe"

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 18.ip.gl.ply.gg udp
US 147.185.221.18:6915 18.ip.gl.ply.gg tcp
US 8.8.8.8:53 189.178.17.96.in-addr.arpa udp
N/A 127.0.0.1:8080 N/A tcp

Files

memory/2396-0-0x0000000074EA0000-0x0000000075451000-memory.dmp

memory/2396-2-0x0000000009070000-0x0000000009080000-memory.dmp

memory/2396-1-0x0000000074EA0000-0x0000000075451000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Infected.exe

MD5 d08bccadaa48c06a1469789ff0112691
SHA1 0dc033820315a9065ad0b1a711ac6fc08c750a28
SHA256 cdcdc9ba2ac83c9fa2d65683f99723f2d377660f204be8fc4eecb0097e7751df
SHA512 176b8b0c39807e61eda9a274c1055b5fec2c23a12661028848271a0cd85dda9759f10f9b466f124602b92463a644879adc7d36ec7c87cf9c3c4d49407365e704

memory/5380-14-0x00000000009D0000-0x00000000009E6000-memory.dmp

memory/5380-15-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 7522deaf33d557e3ccf280fe1fdfd617
SHA1 c271023f336b5057e474a149a8e5965f6ca436f8
SHA256 abc99bedc258091de5a5a70f15593f3520e6a3d4dd9f25f278271d64b77e7499
SHA512 6a2ecb2eaa033e6362f3318155159b86666017dc832b2efb8dfa69c5a9e7c773cec4765bba54dad18f7c14bb59ae24b0c55762612c71151cf3f6b553a37b9d0a

memory/5380-24-0x000000001B7C0000-0x000000001B7D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 00e4aac3935f9070dfdf0013a1ff97f9
SHA1 e658d3ad9fbb78c5c62e81168fc10098c947052f
SHA256 40bafd3962c66e20c5adabf67d7adb435fbfa8b614de83ce724b364c2acfbadb
SHA512 58ec0652be4e1fc5d76e6b1edce7ac3acab8f9100b3277edb51b62c58db4073c4ccf26467562293290cc01d373705925170dc17d74844a5fa6a18bd10148bdb4

C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe

MD5 82ffc9bfc9bad0ecb925447a8e08b762
SHA1 35caea8fe613aae298d444eaa77564c077721db2
SHA256 6f5c49b75f0bfa28a5cf6366786ec3f45683c1c2f979410720a4b107e7426ceb
SHA512 c8b0e84f69ba68841b493f139f364822d8ff130745264903bc1e3e4162d1a9124cc7dec1b5681a69b8348f89d3bf7cdae0b037306d53fa2ea7b862f3981a43c6

memory/2396-29-0x0000000074EA0000-0x0000000075451000-memory.dmp

memory/4032-30-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

memory/4032-31-0x00000254F4710000-0x00000254F836A000-memory.dmp

memory/5380-32-0x00007FFAE36E0000-0x00007FFAE38E9000-memory.dmp

memory/4032-33-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/4032-34-0x00000254FA8F0000-0x00000254FAA66000-memory.dmp

memory/4032-35-0x00000254F87D0000-0x00000254F8802000-memory.dmp

memory/4032-37-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/4032-36-0x00000254FC820000-0x00000254FC83C000-memory.dmp

memory/4032-38-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/4032-39-0x00000254FC840000-0x00000254FC846000-memory.dmp

memory/4032-40-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/5380-43-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

memory/5380-44-0x000000001B7C0000-0x000000001B7D0000-memory.dmp

memory/4032-45-0x00007FFAC2630000-0x00007FFAC30F2000-memory.dmp

memory/5380-46-0x00007FFAE36E0000-0x00007FFAE38E9000-memory.dmp

memory/4032-47-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/4032-49-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/4032-48-0x00000254F87C0000-0x00000254F87D0000-memory.dmp

memory/4032-50-0x00000254F87C0000-0x00000254F87D0000-memory.dmp