General
-
Target
RCAV01KAYUOPSH09.exe
-
Size
300.0MB
-
Sample
220923-tk35wsahaq
-
MD5
248b22656b4f570096d43a9b1dceec79
-
SHA1
f0dbaf167be570b55cae61699335058cb391f14d
-
SHA256
2686f48d8ee20bb626d990a4bc0d9d9fb62caf5f7c692442a93c695a3d739401
-
SHA512
e957b674565c62cf0729ce6829c9f5d85f7e19fa889b3819f7ec375a402f95fba20004ee39c7cf7f2c52d695e079ad5fab850f85362c52e5a77649ab370d268b
-
SSDEEP
3072:pRmDce0sRYqkocK3leiOCv9CfXGtj/sePd4:pof0wXBcdCv9CfXGlEePm
Static task
static1
Behavioral task
behavioral1
Sample
RCAV01KAYUOPSH09.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
RCAV01KAYUOPSH09.exe
Resource
win10-20220901-en
Malware Config
Extracted
asyncrat
Venom RAT 5.0.5
Venom Clients
stoo02093.duckdns.org:5029
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-