General
- Target: 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc
- Size: 578KB
- Sample: 241024-144zvsvhpq
- MD5: 0fc72f5b6c6a6109f6f3c3d43089e422
- SHA1: 7b05b6c35e5f1c2dd4aa215b4c0289c970b9cdab
- SHA256: 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc
- SHA512: fcb4251dd52a6bb04009078c5fe38ce014c50091c09c8b54ba3a1d8b910cdf4c915deb7b91838da53033d7da3602057453d651cdb561acc9d634962e31e2c5e3
- SSDEEP: 12288:rlMq2L06Z/oQNgZHjow6V3hLfIW2MxcSg4bQ5RtlcrdxYf:ZILJ9olJowwRLAWFDgqzdif
Static task: static1
Behavioral task: behavioral1
- Sample: 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe
- Resource: win7-20240903-en
Malware Config
Extracted: asyncrat
- true
- LNjector
- NglVnt43hRGA
- delay: 3
- install: false
- install_file: $77oui.exe
- install_folder: %StartupStatus%
- pastebin_config: https://pastebin.com/raw/e0jEz3T0
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext