General
Target: 22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13.exe
Size: 8.9MB
Sample: 220906-g53cwagcf3
MD5: aab5782551a7f2c6b4465d6c83387ecd
SHA1: e7fb82e31bb8afd96c0ed068bea37beb5bb880b9
SHA256: 22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13
SHA512: 1096339b094a2546181d71e877858a5260ceb77563956a58b3cb1abd0d4bb3784928daf276bc5ccecc08fc84d2e979e061aa5cc9246e686e80ff01d725d9ff52
SSDEEP: 196608:uukuAqO5c26TcKS3wg7/h6VLAWsYEgscmMTtOI/o363RtuaYe9:uqAfc2KDS3F7/h+EBgscpTtOaoSRtul4
Static task: static1
Behavioral task: behavioral1
Sample: 22c1b1887ed7fe6986fee6a7c4d926c4f6f598815f5bce51005de59e0c259b13.exe
Resource: win7-20220812-en
Malware Config
Extracted
asyncrat
VenomRAT_HVNC 5.0.4
System
127.0.0.1:2322
127.0.0.1:13817
2.tcp.ngrok.io:2322
2.tcp.ngrok.io:13817
tXTIPkhRL
delay: 0
install: true
install_file: System.exe
install_folder: %AppData%
Targets
Async RAT payload
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL