General
- Target: 6474c38705ed24203c4f2c1386465b97.exe
- Size: 1.2MB
- Sample: 221205-rwallshd33
- MD5: 6474c38705ed24203c4f2c1386465b97
- SHA1: afecee20116234fb98d5ce66bb99dd71de43796c
- SHA256: 538f828e062bb8200c9947698aa8d57281fb41df64e29bae5d148fc3b2983c36
- SHA512: bb3ef85bb1fd87245095aa68503347f3ee4452b871f26b4dd90a100e4d08b0164f96147c4a7f2a50d3c153bc26e162d9edf0bf68a37b1a3cf6b0915ee52a2e05
- SSDEEP: 12288:m7Xw8/7fKSkzJNolKRASwx7IkN24DLbwTDzGPNPbegfKk7ZT1uQOXVtOt5kYgkmI:mP7iqlKDw+m24D0cbDZuQmS5kme
Static task: static1
Behavioral task: behavioral1
Sample: 6474c38705ed24203c4f2c1386465b97.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 6474c38705ed24203c4f2c1386465b97.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
asyncrat
VenomRAT+HVNC+Stealer Version:5.0.8
Venom Clients
79.137.207.151:4449
Venom_RAT_HVNC_Mutex_Venom RAT066840
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: 6474c38705ed24203c4f2c1386465b97.exe
- Score: 10/10
- Async RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext