General
Target: f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde
Size: 402KB
Sample: 221004-ec5anabch2
MD5: ca0d504d89fbea69214e40b896079d8b
SHA1: 0c43265dd0448395cc3c88fd9dcc828dc95ec016
SHA256: f0ba0fdaeb248b67341c740cb728b056516768bee672c4df22f38dbad3598bde
SHA512: a5f9d41e04157f6b15c8729d09cb65c546bfb288368476f62a87387d395305e9c3098d63eb7ab12b404273b6cc37513ae27d3f5e9ca0005d1e85fef43a091cbe
SSDEEP: 3072:MxXrxqAHh+Pat+LUacwdKZnQ0NLqbm6rw7Yia9p3VvP:MxXrY0h+YZZXfWw8iIvP
Static task: static1
Behavioral task: behavioral1
Sample: 4029013#.exe
Resource: win7-20220812-en
Malware Config
Extracted
asyncrat
Venom RAT 5.0.4
MAY 17
paris-comrademay17.duckdns.org:25045
kjauwydefagvrcku64y
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 4029013#.exe
Size: 300.0MB
MD5: 41308dae88480a4eaf61b36767990bbe
SHA1: a347f3eb607df4c47b9473818866bcad6aef4e96
SHA256: 190324c758fe4e21f2254d10bc9871b5e8a2e0f063a0b49f1680b3ee9f8da519
SHA512: ee0812562d7f0f16ea75ccc236ac85c986c47ed52fc75ffb8d1a21d9c62cb90855963d2678dfc01345e97f5435d320d0ba982d82f1d7395d066b843e49479c42
SSDEEP: 3072:ZuDu8y65Hc4/+683JZbqaZ75yEzHX7NXjPP8shYd0CwbI+hRx:ZuDu8y65Hc4SrbqXEz37BjzugbIg

Async RAT payload
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext