General

Target:  Image_Of_Victim.exe
Size:    1.9MB
Sample:  221010-f5efdaahej
MD5:     f1878e41af327064496e57f50d35395d
SHA1:    b426d39e6928556a2b58d9147c3254b8fa6009a4
SHA256:  373834225a126abde8256049e073b8e07bd06c7563f929783f441a1a63a88d1b
SHA512:  ff28bbd0f3c7b04ba93f024d356cee092f14c3040b968ebae31bdd9116ed8762aadcec3ac3af3e06238a787ef87b5031d29acf708640c52ac80f55fdfcd89fdd
SSDEEP:  49152:C5IoVKMQfTCFbMmHI6jduMG+XtbNztOsrStQ0pDWa:C5IoAMQfIr++dpztpStFJ
Static task
  static1

Behavioral task
  behavioral1: Image_Of_Victim.exe, run on win7-20220901-en

Behavioral task
  behavioral2: Image_Of_Victim.exe, run on win10v2004-20220812-en
Malware Config

Extracted
  Family:          asyncrat
  Version:         5.0.5
  Botnet:          Venom Clients
  C2:              tienMonkey-40774.portmap.io:40774
  Mutex:           Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
  delay:           1 (seconds the client sleeps before it starts its main loop)
  install:         false (the client does not copy itself into install_folder or set up persistence)
  install_folder:  %AppData% (configured but unused while install is false)

The botnet label and the mutex name point to the Venom RAT fork of AsyncRAT; HVNC refers to its hidden-VNC remote-desktop feature. The C2 is a subdomain of portmap.io, a public port-forwarding service, so the address above is a forwarder rather than the operator's own host and may be retargeted at any time.
Targets

Target:  Image_Of_Victim.exe (1.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the client can decline to run in selected countries).
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2: the C2 host is a portmap.io subdomain, so the operator's real endpoint is hidden behind a third-party port forwarder.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
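The extracted config and the signature list above are the indicators an analyst would actually hunt with. The following Python script is an added example, not part of the sandbox report: it hashes a file with the same four algorithms the report lists and checks all of them against the report's values, splits the C2 string into host and port, and tags constructed event lines (DNS, network, mutex) against the C2 host, the mutex name and the C2 port. The log format and the 203.0.113.9 destination are invented for the example; the hashes, C2 and mutex are the report's own.

```python
import hashlib
import re

# File hashes as listed in the report's General section.
REPORT_HASHES = {
    "md5": "f1878e41af327064496e57f50d35395d",
    "sha1": "b426d39e6928556a2b58d9147c3254b8fa6009a4",
    "sha256": "373834225a126abde8256049e073b8e07bd06c7563f929783f441a1a63a88d1b",
    "sha512": "ff28bbd0f3c7b04ba93f024d356cee092f14c3040b968ebae31bdd9116ed8762"
              "aadcec3ac3af3e06238a787ef87b5031d29acf708640c52ac80f55fdfcd89fdd",
}
# C2 and mutex from the extracted AsyncRAT config.
C2 = "tienMonkey-40774.portmap.io:40774"
MUTEX = "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC"


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through all four digests at once (large samples stay in constant memory)."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(hashes: dict) -> bool:
    """True only if every algorithm agrees; a single mismatch means a different file."""
    return all(hashes.get(name) == value for name, value in REPORT_HASHES.items())


def parse_c2(c2: str):
    """Split 'host:port' into (host, int port); rpartition tolerates IPv6-style colons in the host."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


C2_HOST, C2_PORT = parse_c2(C2)


def scan_events(lines):
    """Tag each event line with the strongest indicator it matches.

    The C2 hostname and the mutex are strong indicators. A destination port on its
    own is weak (portmap.io forwards the port to whatever IP the operator chooses),
    so a port-only match is labelled separately for the analyst to triage.
    """
    port_pat = re.compile(r"dst=\S+:%d\b" % C2_PORT)
    hits = []
    for line in lines:
        if C2_HOST.lower() in line.lower():      # DNS names are case-insensitive
            hits.append(("c2_host", line))
        elif MUTEX in line:                       # mutex names are case-sensitive
            hits.append(("mutex", line))
        elif port_pat.search(line):
            hits.append(("c2_port_only", line))
    return hits


# Constructed event lines for the example; the format and IP are not from the report.
SAMPLE_EVENTS = [
    "2022-10-10T05:31:02Z dns query=tienmonkey-40774.portmap.io type=A",
    "2022-10-10T05:31:03Z net proto=tcp dst=203.0.113.9:40774 image=Image_Of_Victim.exe",
    "2022-10-10T05:31:03Z mutex create name='Venom_RAT_HVNC_Mutex_Venom RAT_HVNC' image=Image_Of_Victim.exe",
    "2022-10-10T05:31:10Z dns query=login.live.com type=A",
]

if __name__ == "__main__":
    for reason, line in scan_events(SAMPLE_EVENTS):
        print(f"[{reason}] {line}")
    print("empty file matches report:", matches_report(hash_bytes(b"")))
```

To check a quarantined file against this report, call `matches_report(hash_file(path))`; requiring all four digests to agree, rather than only MD5, rules out the (theoretical) collision case at no extra cost. The event scan is deliberately lexical so it can be run over any line-oriented log export; in a SIEM the same three indicators would become a hostname match, a mutex-name match, and a lower-confidence destination-port match.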