General
- Target: b6f3db88b8c6070f8d31d9c36caa59ac7fbdf99b9eeb741ec3e25c73b23bc822
- Size: 250KB
- Sample: 220120-qw3fysabgj
- MD5: 0c4d308254cea8285969f26023123a46
- SHA1: 54ffda34ec3766b837d04b36987c01facf183098
- SHA256: b6f3db88b8c6070f8d31d9c36caa59ac7fbdf99b9eeb741ec3e25c73b23bc822
- SHA512: 8bea7e137f9de38254bf0fe7dbb4d02e4ed1f9ad83be608d0441b8116108ea3a1aa8158aa37a45fdaa38ad9386cbfa50123238deb6afcb03f371df501c36a661
Static task: static1
Behavioral task: behavioral1
- Sample: b6f3db88b8c6070f8d31d9c36caa59ac7fbdf99b9eeb741ec3e25c73b23bc822.exe
- Resource: win10-en-20211208
Malware Config
Extracted: smokeloader
2020
http://abpa.at/upload/
http://emaratghajari.com/upload/
http://d7qw.cn/upload/
http://alumik-group.ru/upload/
http://zamkikurgan.ru/upload/
Extracted: asyncrat
VenomRAT_HVNC 5.0.4
Venom Clients
127.0.0.1:4449
91.92.136.123:4449
Venom_RAT_Mutex_Venom_RAT
- anti_vm: false
- bsod: false
- delay: 0
- install: false
- install_folder: %AppData%
- pastebin_config: null
Targets
- Target: b6f3db88b8c6070f8d31d9c36caa59ac7fbdf99b9eeb741ec3e25c73b23bc822
- Size: 250KB
- MD5: 0c4d308254cea8285969f26023123a46
- SHA1: 54ffda34ec3766b837d04b36987c01facf183098
- SHA256: b6f3db88b8c6070f8d31d9c36caa59ac7fbdf99b9eeb741ec3e25c73b23bc822
- SHA512: 8bea7e137f9de38254bf0fe7dbb4d02e4ed1f9ad83be608d0441b8116108ea3a1aa8158aa37a45fdaa38ad9386cbfa50123238deb6afcb03f371df501c36a661
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext