General
Target: 15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87
Size: 281KB
Sample: 220923-ed4qhsdaf5
MD5: 30840d977db49739d966d3a656c786bf
SHA1: 2536a586a20a2f5fc05ace24ec5ad9b070b53814
SHA256: 15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87
SHA512: 480f34980c12f9a6d16397eeaef19394859095099cf2b8fdb228f92925e61a3e67357ccd1aa733ebbcf907c85e065181f073c04e94c14d8d9693c267568e3765
SSDEEP: 6144:bruoSwazLRbw2TDEJJ5R6q3TgPSS0yhDigavwVfa:brzho1bw2TIJkqDg2ysl
Static task
static1
Behavioral task
behavioral1
Sample
15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87.exe
Resource
win10-20220901-en
Malware Config
Extracted
danabot
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Extracted
asyncrat
VenomAngel 5.0.7
Venom Clients
91.134.214.15:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Async RAT payload
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext