General
Target: RVKAS04KJHWDFV01HGY.exe
Size: 300.0MB
Sample: 220928-ze4gcshab6
MD5: 8f229797d75d12c30042cf7ac4816d8e
SHA1: 789a595bf5f56d93d232a2dfd01480a3447ea75c
SHA256: cd45f75d587dc5aac121abb8bdd48247588ffa545a7ad6bc657f5f0ddf044105
SHA512: 0f650136a86e8fd1e9fa300446010bf61866b4c2f59d711f2cd3de4ce4f679719c0de4337c8107b650023e0f5094ffc7cf6f707915f6777682642b2940bf4a0c
SSDEEP: 3072:PCz5n5VJ/ZfkTE6FBR0/JGJvnMwBbGe8IsPsBAAAAAAAAAAAAAAAAAASY:QnvL8TFFBtygbGe8XC
Static task: static1
Behavioral task: behavioral1
  Sample: RVKAS04KJHWDFV01HGY.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: RVKAS04KJHWDFV01HGY.exe
  Resource: win10-20220812-en
Malware Config
Extracted: asyncrat
Venom RAT 5.0.5
Venom Clients: g896696.duckdns.org:7343
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: RVKAS04KJHWDFV01HGY.exe
Size: 300.0MB
MD5: 8f229797d75d12c30042cf7ac4816d8e
SHA1: 789a595bf5f56d93d232a2dfd01480a3447ea75c
SHA256: cd45f75d587dc5aac121abb8bdd48247588ffa545a7ad6bc657f5f0ddf044105
SHA512: 0f650136a86e8fd1e9fa300446010bf61866b4c2f59d711f2cd3de4ce4f679719c0de4337c8107b650023e0f5094ffc7cf6f707915f6777682642b2940bf4a0c
SSDEEP: 3072:PCz5n5VJ/ZfkTE6FBR0/JGJvnMwBbGe8IsPsBAAAAAAAAAAAAAAAAAASY:QnvL8TFFBtygbGe8XC
Score: 10/10
Signatures:
- Async RAT payload
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext