General
Target: UPS Access infos.xll
Size: 2.0MB
Sample: 220701-p6zblsdfcj
MD5: df7e8add740fcae0d645eb8f66e085f4
SHA1: f5fd645f5596028a550c1e3351f3e097b33ddc17
SHA256: d0ce0e20b4b1b80dbf73a08ee5205ade6a9ab7bd2f34c3de524ab034217fc403
SHA512: 65b9b2e77b9d9d2c7fb2979e4107f00cc2502d4f2454075991640318bd9ef812475b78dc60b862464afc82564d2aa04f57f30a0e42eef600d3cf3f68d20e65a8
Note on the file type: .xll is the extension of a native Excel add-in, a DLL that Excel loads and whose xlAutoOpen export it calls as soon as the file is opened. No macro is involved, so macro-blocking policies do not stop it; an .xll arriving as an attachment or download should be treated like any other untrusted executable.
Static task: static1
Behavioral task: behavioral1 (sample: UPS Access infos.xll, resource: win7-20220414-en)
Behavioral task: behavioral2 (sample: UPS Access infos.xll, resource: win10v2004-20220414-en)
Malware Config
Extracted URL: https://cdn.discordapp.com/attachments/982077202424279072/992061153092063242/Librarieszip
Extracted config: asyncrat, version 5.0.5
Botnet/group name: Venom Clients
C2: expresschiatto.freeddns.org:4449
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
- delay: 1
- install: false
- install_folder: %AppData%
Notes: the config is in AsyncRAT format; the group name and the mutex point to Venom RAT (an AsyncRAT-derived family) with its HVNC component. delay is the startup sleep in seconds before the client contacts its C2. install=false means the client does not copy itself to install_folder or set up persistence, so do not expect a drop under %AppData% or a startup entry from this config alone. The C2 is a dynamic-DNS hostname on port 4449, so detection should key on the hostname and port rather than on whatever IP it resolved to during analysis.
Targets
Target: UPS Access infos.xll (the submitted sample; size and hashes as listed under General)
Score: 10/10
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
Note: read together, the signatures describe a staged loader: the add-in makes a network request, downloads a PE, executes a dropped EXE and loads a dropped DLL, and the AsyncRAT payload is then identified in memory. SetThreadContext is a common marker of process injection or hollowing (a payload is written into a target thread's context before it is resumed), so check the behavioral task's process tree to see which process the AsyncRAT client actually runs in before turning the dropped file names into indicators; the C2 hostname, port and mutex from the config are the more stable ones.
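The following Python script is an added example, not part of the Triage report or of the sample: it turns the extracted config and the file hashes into indicators and matches them against Sysmon/EDR-style key=value telemetry. The indicator values are the ones this report lists; the telemetry lines are constructed, and the field names follow Sysmon where Sysmon has them (QueryName, DestinationHostname, DestinationPort, Hashes) while Url and Mutex are assumed proxy/EDR field names.

```python
"""Turn this report's extracted config and hashes into IOCs and match them
against host/network telemetry.

Added example, not Triage's code or the sample's. IOC values are the ones the
report lists; the telemetry lines are constructed (Sysmon/EDR-style key=value
records, quoted when a value contains spaces) so the script runs offline.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Indicators as listed in the report.
REPORT = {
    "md5": "df7e8add740fcae0d645eb8f66e085f4",
    "sha1": "f5fd645f5596028a550c1e3351f3e097b33ddc17",
    "sha256": "d0ce0e20b4b1b80dbf73a08ee5205ade6a9ab7bd2f34c3de524ab034217fc403",
    "download_url": "https://cdn.discordapp.com/attachments/982077202424279072/992061153092063242/Librarieszip",
    "c2": "expresschiatto.freeddns.org:4449",
    "mutex": "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC",
}

# Constructed telemetry (not from the report). Field names follow Sysmon where
# Sysmon has them (QueryName, DestinationHostname, DestinationPort, Hashes);
# Url and Mutex are assumed proxy/EDR field names.
SAMPLE_EVENTS = [
    'EventID=22 Image="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" QueryName=expresschiatto.freeddns.org',
    'EventID=3 DestinationHostname=expresschiatto.freeddns.org DestinationPort=4449',
    'EventID=22 Image=C:\\Windows\\System32\\svchost.exe QueryName=cdn.discordapp.com',
    'Source=proxy Method=GET Url=https://cdn.discordapp.com/attachments/982077202424279072/992061153092063242/Librarieszip Status=200',
    'Source=edr Action=CreateMutex Mutex="Venom_RAT_HVNC_Mutex_Venom RAT_HVNC" Pid=4120',
    'EventID=7 ImageLoaded="C:\\Users\\u\\Downloads\\UPS Access infos.xll" Hashes=SHA256=D0CE0E20B4B1B80DBF73A08EE5205ADE6A9AB7BD2F34C3DE524AB034217FC403',
    'EventID=22 Image=C:\\Windows\\System32\\svchost.exe QueryName=www.microsoft.com',
]

# key=value, where value is either "quoted with spaces" or a run of non-spaces.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict[str, str]:
    """Parse one key=value record into a dict; quoted values keep their spaces."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def iocs_from_report(report: dict[str, str]) -> dict:
    """Normalize the report's values into comparable indicators."""
    host, _, port = report["c2"].rpartition(":")
    url = urlsplit(report["download_url"])
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "url_host": url.netloc.lower(),
        "url_path": url.path,
        "mutex": report["mutex"],
        "hashes": {report[k].lower() for k in ("md5", "sha1", "sha256")},
    }


def match_event(ev: dict[str, str], iocs: dict) -> list[str]:
    """Return the indicator types this event matches (empty list if none)."""
    hits = []
    hostnames = {ev.get(k, "").lower() for k in ("QueryName", "DestinationHostname")}
    if iocs["c2_host"] in hostnames:
        hits.append("c2-host")
        if ev.get("DestinationPort") == str(iocs["c2_port"]):
            hits.append("c2-port")
    # cdn.discordapp.com is shared infrastructure: a DNS lookup of the host alone
    # is not an indicator, so the download URL is matched on host plus full path.
    if "Url" in ev:
        url = urlsplit(ev["Url"])
        if url.netloc.lower() == iocs["url_host"] and url.path == iocs["url_path"]:
            hits.append("download-url")
    if ev.get("Mutex") == iocs["mutex"]:
        hits.append("mutex")
    if "Hashes" in ev:
        # Sysmon formats Hashes as "SHA256=...,MD5=..."; compare case-insensitively.
        digests = {part.split("=", 1)[-1].lower() for part in ev["Hashes"].split(",")}
        if digests & iocs["hashes"]:
            hits.append("sample-hash")
    return hits


def scan(lines: list[str], iocs: dict) -> list[tuple[int, list[str]]]:
    """Scan telemetry lines; return (line index, matched indicator types) per hit."""
    results = []
    for index, line in enumerate(lines):
        hits = match_event(parse_event(line), iocs)
        if hits:
            results.append((index, hits))
    return results


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS, iocs_from_report(REPORT)):
        print(f"line {index}: {', '.join(hits)}")
        print(f"  {SAMPLE_EVENTS[index]}")
```

Two design points: the Discord CDN host is deliberately not an indicator on its own (the third constructed line, a plain DNS query for cdn.discordapp.com, produces no hit), and the hash match only catches the exact submitted file, so a rebuilt or repacked .xll would slip past it while the C2 hostname, port and mutex from the extracted config would still fire.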