Extracted

• • Target

    AUNova.exe

  • Size

    2.1MB

  • MD5

    3d37da85a895fc9dc6abb3885041d9ef

  • SHA1

    a80e01133d9a0fe9f4675bd127d46c9a283cdab3

  • SHA256

    fc5945aa217c7a8eca8d501693d491f5efdf88c629ab5758369db1ee6967517a

  • SHA512

    27e9f0c5da0f3fa05219d607de1816b3e4193f7a742e8ec41b9633653de4f020000ea1e97d000458694c82e9c58bd4583c495c4ec513b1a483b2c64b623ca413

  • SSDEEP

    24576:9GzSVNqaWt+eTVXydlYmVSdh0Tzt0ReIumwxmV59C6qBJETV/rkDJSTIDS4Fuvrm:czoNK9M7Y8GUzg9IY9C2VTQwvrYZzBJ

  Score

  10^/10

  asyncratxmrigdefaultevasionexecutionminerpersistenceratupx

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Xmrig family

    xmrig

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Async RAT payload

    rat

  • XMRig Miner payload

    miner

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Creates new service(s)

    persistenceexecution

  • Stops running service(s)

    evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2