General
-
Target
cc4c6bb15c7418d9714403199b15fe6d
-
Size
1.9MB
-
Sample
221128-3t2g4agb2z
-
MD5
cc4c6bb15c7418d9714403199b15fe6d
-
SHA1
65164ee109c017dc8e3b0e55325d059e01b54eee
-
SHA256
4880b279eeede233e96393a4c905926ab88624b2d55e6784960a410939265608
-
SHA512
d231f547b0e335f47ab876a818994e3f27d17f67e7d1f2f0c03801dd031e97e6f738c4e990161c8f1dbda5bb8fdbf7c179031088c874ee45a61656ccc7e187c3
-
SSDEEP
49152:GGkIU5SJTX4ltLsp4uTLFMkpNBTUymXZT8seqvUzc8bAZ:GWLTYL+pfTUTXZfe/f6
Static task
static1
Behavioral task
behavioral1
Sample
cc4c6bb15c7418d9714403199b15fe6d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
cc4c6bb15c7418d9714403199b15fe6d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
VenomRAT+HVNC+Stealer Version:5.0.8
Venom Clients
190.2.147.39:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
cc4c6bb15c7418d9714403199b15fe6d
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-