General
Target: BQOPGHS03TYASB05.exe
Size: 300.0MB
Sample: 220923-s41cnsaggj
MD5: 4d415eaae22c60750666c0675e114dff
SHA1: 8358db246673c92217bf934ce99bae0a79c0e098
SHA256: 38c18a339d6a702b37f6bafe3601ac3392b8b18f8fe643a777152f08779f3efb
SHA512: 36809301c256f95303d757806e6c1719333887c8282769f472dae86d0a193f505e4ea89387f72c309072a71c139670b7eadaf9c3facec5ec40db42ed90184382
SSDEEP: 3072:dGjrAzSi61yQk6L0XokOX1Env0sGwFrqrAkCvwUCePd4:dGjr+AyQki0YF6MshcaOePm
Static task: static1
Behavioral task: behavioral1 (Sample: BQOPGHS03TYASB05.exe; Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: BQOPGHS03TYASB05.exe; Resource: win10-20220812-en)
Malware Config
Extracted family: asyncrat
Version: Venom RAT 5.0.5
Botnet: Venom Clients
C2: stoo02093.duckdns.org:5029
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: BQOPGHS03TYASB05.exe (300.0MB; hashes identical to the General section above)
Score: 10/10
- Async RAT payload
- Executes dropped EXE
- Suspicious use of SetThreadContext