General
- Target: 4672ceafd2e11ff9aa26ecbb9094aed5d1a58e995f2a93ae054f46f6f56591f7
- Size: 415KB
- Sample: 221205-g6k5zshc9s
- MD5: 0ee108a8e3b9cddad2cceb2648072fe2
- SHA1: fce82d4a7aefd76ed3239fb6f33bbd7b6dce87a9
- SHA256: 4672ceafd2e11ff9aa26ecbb9094aed5d1a58e995f2a93ae054f46f6f56591f7
- SHA512: 1456febc7903ffa5c018b8c3a2ebd05278cddb9a39f792615f9dd308ef95a542fd89ebe31a709d4d36d335f9e96fbe410fc6990e4e3f9c2f4308d9e508124449
- SSDEEP: 12288:mF4ioOyjRGILz+N8vmI/v8GpRyWgDy6QG:2ZoOyjMqLN+W9G
Static task: static1
Behavioral task: behavioral1
- Sample: 4672ceafd2e11ff9aa26ecbb9094aed5d1a58e995f2a93ae054f46f6f56591f7.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: asyncrat (the extractor's family tag; the embedded version string identifies the sample as VenomRAT, an AsyncRAT-derived fork that keeps the same configuration layout)
- Version string: VenomRAT+HVNC+Stealer Version:5.0.8
- Venom Clients (C2): 79.137.207.151:4449
- Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
- delay: 10
- install: true
- install_file: svchost.exe
- install_folder: %AppData%
Targets
- Target: 4672ceafd2e11ff9aa26ecbb9094aed5d1a58e995f2a93ae054f46f6f56591f7
- Size: 415KB
- MD5: 0ee108a8e3b9cddad2cceb2648072fe2
- SHA1: fce82d4a7aefd76ed3239fb6f33bbd7b6dce87a9
- SHA256: 4672ceafd2e11ff9aa26ecbb9094aed5d1a58e995f2a93ae054f46f6f56591f7
- SHA512: 1456febc7903ffa5c018b8c3a2ebd05278cddb9a39f792615f9dd308ef95a542fd89ebe31a709d4d36d335f9e96fbe410fc6990e4e3f9c2f4308d9e508124449
- SSDEEP: 12288:mF4ioOyjRGILz+N8vmI/v8GpRyWgDy6QG:2ZoOyjMqLN+W9G
Signatures
- StormKitty payload (open-source stealer; consistent with the "+Stealer" component in the version string)
- Suspicious use of NtCreateUserProcessOtherParentProcess (a process created under a parent other than the caller, i.e. parent PID spoofing)
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence, so behaviour may differ from this run on a machine with another locale
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
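As an added example (not part of the sandbox report, and not code belonging to the sample or to the sandbox), the script below turns the extracted configuration block above into host indicators and runs them over constructed, Sysmon-style telemetry records: a process launched from the install path (%AppData%\svchost.exe; the genuine svchost.exe only ever runs from System32 or SysWOW64), a connection to 79.137.207.151:4449, and creation of the configured mutex. Assumptions: %AppData% expands to C:\Users\<user>\AppData\Roaming, the telemetry field names are the ones used here, and the config text has the layout printed in the report (C2 list after "Venom Clients", then the mutex, then key/value pairs on alternating lines).

```python
"""Turn the extracted VenomRAT/AsyncRAT config from the report above into host
indicators and run them over constructed endpoint telemetry.
Added example; not code from the sandbox report or from the sample itself."""
import re

# The "Malware Config / Extracted" block from the report, copied as printed.
REPORT_CONFIG = """\
Venom Clients
79.137.207.151:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay
10
install
true
install_file
svchost.exe
install_folder
%AppData%
"""

# Option keys that appear in the report's config block.
OPTION_KEYS = {"delay", "install", "install_file", "install_folder"}
C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")
# Assumption: %AppData% is the per-user Roaming folder of a standard Windows layout.
APPDATA_RE = r"C:\\Users\\[^\\]+\\AppData\\Roaming"
# The only locations Windows itself runs svchost.exe from (lower-cased for comparison).
LEGIT_SVCHOST = {r"c:\windows\system32\svchost.exe", r"c:\windows\syswow64\svchost.exe"}


def parse_config(text):
    """Parse the flattened report block. Layout assumption: the host:port list follows
    'Venom Clients', the next unlabeled line is the mutex, then key/value pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    cfg = {"c2": [], "mutex": None, "options": {}}
    i = 0
    if lines and lines[0] == "Venom Clients":
        i = 1
        while i < len(lines) and C2_RE.match(lines[i]):
            m = C2_RE.match(lines[i])
            cfg["c2"].append((m["host"], int(m["port"])))
            i += 1
    if i < len(lines) and lines[i] not in OPTION_KEYS:
        cfg["mutex"] = lines[i]
        i += 1
    while i + 1 < len(lines):
        cfg["options"][lines[i]] = lines[i + 1]
        i += 2
    return cfg


def persistence_path_regex(cfg):
    """Regex for the dropped copy (install_folder\\install_file), with %AppData%
    expanded so it matches any user's Roaming folder."""
    folder = cfg["options"].get("install_folder", "")
    name = cfg["options"].get("install_file", "")
    pieces = [re.escape(p) for p in re.split(r"%appdata%", folder, flags=re.I)]
    return re.compile("^" + APPDATA_RE.join(pieces) + r"\\" + re.escape(name) + "$", re.I)


def match_events(cfg, events):
    """Apply the indicators to Sysmon-like records (dicts). Returns (index, reason) hits."""
    drop_re = persistence_path_regex(cfg)
    c2 = set(cfg["c2"])
    hits = []
    for idx, ev in enumerate(events):
        kind, image = ev.get("event"), ev.get("image", "")
        if kind == "process_create":
            if drop_re.match(image):
                hits.append((idx, "process started from the RAT install path"))
            elif image.lower().endswith(r"\svchost.exe") and image.lower() not in LEGIT_SVCHOST:
                hits.append((idx, "svchost.exe running outside System32/SysWOW64"))
        elif kind == "network_connect":
            if (ev.get("dst_ip"), ev.get("dst_port")) in c2:
                hits.append((idx, "connection to the configured C2"))
        elif kind == "mutex_create":
            if cfg["mutex"] and ev.get("name") == cfg["mutex"]:
                hits.append((idx, "RAT mutex created"))
    return hits


# Constructed sample telemetry (not from the sandbox run): one benign svchost start,
# the dropped copy starting, a rogue svchost elsewhere, the C2 beacon, a benign HTTPS
# connection, and the mutex.
TELEMETRY = [
    {"event": "process_create", "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"event": "process_create", "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "parent": r"C:\Users\alice\Downloads\sample.exe"},
    {"event": "process_create", "image": r"C:\Temp\svchost.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"event": "network_connect", "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "dst_ip": "79.137.207.151", "dst_port": 4449},
    {"event": "network_connect", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"event": "mutex_create", "name": "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC"},
]

if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    for index, reason in match_events(config, TELEMETRY):
        print(f"event {index}: {reason}")
```

The path check is deliberately two-tiered: the exact install path from the config catches this sample, while the "svchost.exe anywhere but System32/SysWOW64" rule still fires if an operator rebuilds the client with a different install_folder, which is the more durable signal.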