General
Target: RFQ_ORDER484425083-NJQ.exe
Size: 832KB
Sample: 220124-q67tesehc8
MD5: 9e83077fd628fefd80f9abcdc025e648
SHA1: faaeb0ce7ee4e268b699ebd57d3af36c8c20cee4
SHA256: 70cd7f8c5818b4bbec9b33b3518736bd0627d8e92570c015dd630a461d074262
SHA512: 943fb244cc8e5fc96fc19e5734ce32803e7f2f1c006eb372336db2fc4b5ac112972f468c24605e004f6d04ed27f035253e7b43fb49ea449140dff87c63b79916
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ_ORDER484425083-NJQ.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: RFQ_ORDER484425083-NJQ.exe
  Resource: win10-en-20211208
Malware Config
Extracted
Family: asyncrat
Version: VenomRAT 5.0.3
Botnet: Venom Clients
C2: 194.5.98.120:4449
Mutex: Venom_RAT_Mutex_Venom_RAT
anti_vm: false
bsod: false
delay: 0
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: RFQ_ORDER484425083-NJQ.exe
Size: 832KB
MD5: 9e83077fd628fefd80f9abcdc025e648
SHA1: faaeb0ce7ee4e268b699ebd57d3af36c8c20cee4
SHA256: 70cd7f8c5818b4bbec9b33b3518736bd0627d8e92570c015dd630a461d074262
SHA512: 943fb244cc8e5fc96fc19e5734ce32803e7f2f1c006eb372336db2fc4b5ac112972f468c24605e004f6d04ed27f035253e7b43fb49ea449140dff87c63b79916
Score: 10/10
Signatures:
- Async RAT payload
  VenomRAT is an AsyncRAT-derived client, which is why the config extractor reports the family as asyncrat with version VenomRAT 5.0.3.
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments. Note that the extracted config has anti_vm set to false, so this check may come from a packer or loader stage rather than from the VenomRAT client's own anti-VM option; base detections on the observed behaviour rather than on the config flags.
- Adds Run key to start application
  Persistence through a Run key, observed even though the extracted config has install set to false; as with the BIOS check, a loader stage rather than the RAT's own installer may be responsible.
- Suspicious use of SetThreadContext
  SetThreadContext is commonly used for process hollowing or thread hijacking (writing a payload into a suspended process and redirecting one of its threads); the report does not list the injection target.
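The extracted configuration and the behavioural signatures above are the parts of this report that feed directly into hunting. As an added example, not code from the report or from the sandbox that produced it, the Python below turns the config into indicators (C2 IP and port, mutex) and matches the listed signatures against a constructed trace. The trace records, their field names (kind, cmdline, key, dst_ip and so on) and the api/mutex event kinds are assumptions for illustration; the registry paths and the net.exe syntax are the standard Windows ones. Registry reads such as the BIOS check need an API-level or ETW trace, because Sysmon only records registry writes.

```python
import ipaddress
import re

# Values copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "VenomRAT 5.0.3",
    "c2": ["194.5.98.120:4449"],
    "mutex": "Venom_RAT_Mutex_Venom_RAT",
    "anti_vm": False,
    "bsod": False,
    "delay": 0,
    "install": False,
    "install_folder": "%AppData%",
    "pastebin_config": None,
}


def config_to_iocs(cfg):
    """Flatten the extracted config into (type, value) indicators.

    Only fields observable on a host or on the wire are emitted; booleans
    such as anti_vm describe behaviour and are not indicators.
    """
    iocs = []
    for endpoint in cfg["c2"]:
        host, _, port = endpoint.rpartition(":")
        ipaddress.ip_address(host)  # raise early if the C2 is not an IP literal
        iocs.append(("c2_ip", host))
        iocs.append(("c2_port", int(port)))
    iocs.append(("mutex", cfg["mutex"]))
    if cfg["pastebin_config"]:
        iocs.append(("url", cfg["pastebin_config"]))
    return iocs


# Patterns for the report's behavioural signatures.  Registry paths and the
# net.exe syntax are standard Windows; the trace schema used below is assumed.
BIOS_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBios|VideoBios)", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
NET_ADMIN = re.compile(r"\bnet1?(\.exe)?\b.*\blocalgroup\b.*\badministrators\b.*/add\b", re.I)


def match_signatures(events, iocs):
    """Return the set of report signatures observed in a trace.

    Assumed record schema: every record has "kind" (process, registry_read,
    registry_set, api, mutex, network) plus kind-specific fields.
    """
    c2_ips = {v for t, v in iocs if t == "c2_ip"}
    c2_ports = {v for t, v in iocs if t == "c2_port"}
    mutexes = {v for t, v in iocs if t == "mutex"}
    hits = set()
    for ev in events:
        kind = ev["kind"]
        if kind == "process" and NET_ADMIN.search(ev["cmdline"]):
            hits.add("Grants admin privileges")
        elif kind == "registry_read" and BIOS_KEY.search(ev["key"]):
            hits.add("Checks BIOS information in registry")
        elif kind == "registry_set" and RUN_KEY.search(ev["key"]):
            hits.add("Adds Run key to start application")
        elif kind == "api" and ev["name"] == "SetThreadContext":
            hits.add("Suspicious use of SetThreadContext")
        elif kind == "mutex" and ev["name"] in mutexes:
            hits.add("VenomRAT mutex")
        elif kind == "network" and ev["dst_ip"] in c2_ips and ev["dst_port"] in c2_ports:
            hits.add("VenomRAT C2 connection")
    return hits


# Constructed trace for illustration; these records are not from the sandbox run.
SAMPLE_TRACE = [
    {"kind": "process", "image": r"C:\Windows\System32\net.exe",
     "cmdline": 'net localgroup administrators "user" /add'},
    {"kind": "registry_read",
     "key": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"kind": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\RFQ_ORDER",
     "value": r"C:\Users\user\Desktop\RFQ_ORDER484425083-NJQ.exe"},
    {"kind": "api", "name": "SetThreadContext", "pid": 1234},
    {"kind": "mutex", "name": "Venom_RAT_Mutex_Venom_RAT"},
    {"kind": "network", "dst_ip": "194.5.98.120", "dst_port": 4449},
    {"kind": "network", "dst_ip": "8.8.8.8", "dst_port": 53},  # benign noise
]

if __name__ == "__main__":
    iocs = config_to_iocs(EXTRACTED_CONFIG)
    for hit in sorted(match_signatures(SAMPLE_TRACE, iocs)):
        print(hit)
```

The mutex and C2 matches are the high-confidence indicators from this report; the four behavioural patterns are generic and will also fire on other families, so they are better used to rank a host for triage than as stand-alone alerts.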