General
Target: document_viewer.exe
Size: 580KB
Sample: 230217-mnnfaaee3y
MD5: bc1722ec205a1c5ed34b8766971fe608
SHA1: 43ded76bf48088b7684879214ad4d66b58ef9a90
SHA256: 325076c547bffb21683f5bc023739016ad025c0739a7e122aa7289fa91fc88c2
SHA512: 9eee2a624c14281de538b34032457c53276c3dad67b89989e7f95a3e93dae05e87bda13791aa00d8928d4a9845879d164ff900084ad5a120db44e934b0f89465
SSDEEP: 12288:bIqDSu4Dsv9thG2SEzak3cgH+/nSsYCrDl0wnhkDsv9t:MqDSu8gLY/nWiuY
Static task: static1
Behavioral task: behavioral1
Sample: document_viewer.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.0
Botnet: Default
C2: 179.43.142.197:5789
Mutex: ncarwpqkcbklyda
Attributes:
- delay: 1
- install: false
- install_folder: %AppData%

Venom RAT is an AsyncRAT fork, which is why the family is reported as asyncrat while the version string is Venom's. Reading the attributes with AsyncRAT semantics: delay is the number of seconds the client sleeps before it starts, install=false means this build does not copy itself into install_folder or set up persistence (so %AppData% is configured but not expected to be used), and the mutex is the name the client opens to prevent a second instance, which makes it a usable host-side indicator alongside the C2 host:port.
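As an added example that is not part of the report and not code from AsyncRAT or Venom RAT, the script below sweeps constructed evidence against the indicators extracted above: it recomputes the report's digest set over file content and scans Zeek-style conn.log rows for the 179.43.142.197:5789 C2. The conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, ...) and the sample log rows are assumptions made for the demonstration.

```python
# Added example (not part of the report above, nor AsyncRAT/Venom RAT code):
# sweep constructed evidence against the indicators the report extracted.
import hashlib
from typing import Dict, List, Tuple

# Indicators copied from the report's General and Malware Config sections.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "bc1722ec205a1c5ed34b8766971fe608",
    "sha1": "43ded76bf48088b7684879214ad4d66b58ef9a90",
    "sha256": "325076c547bffb21683f5bc023739016ad025c0739a7e122aa7289fa91fc88c2",
}
C2_HOST = "179.43.142.197"
C2_PORT = 5789

# Constructed Zeek conn.log excerpt (assumption: default column order).
# Rows 1 and 3 hit the C2 host:port; row 4 reaches the same host on 443.
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration",
    "1676630400.123\tCa1\t10.0.0.5\t49812\t179.43.142.197\t5789\ttcp\t-\t12.3",
    "1676630401.456\tCa2\t10.0.0.5\t49813\t93.184.216.34\t443\ttcp\tssl\t0.5",
    "1676630402.789\tCa3\t10.0.0.9\t51000\t179.43.142.197\t5789\ttcp\t-\t300.0",
    "1676630403.000\tCa4\t10.0.0.9\t51001\t179.43.142.197\t443\ttcp\tssl\t1.0",
])


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digest set the report lists (MD5, SHA1, SHA256) over file content."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def match_file(data: bytes) -> List[str]:
    """Return the names of the report digests this content matches.

    An exact copy of the sample matches all three; anything else matches none,
    so a partial match would indicate a collision or a copy-paste error in the IOC list.
    """
    digests = hash_bytes(data)
    return [name for name, hexdigest in digests.items() if hexdigest == SAMPLE_HASHES[name]]


def match_conn_log(lines, port_sensitive: bool = True) -> List[Tuple[str, str]]:
    """Return (ts, id.orig_h) for conn.log rows whose responder is the extracted C2.

    With port_sensitive=False any connection to the C2 host counts, which catches an
    operator moving the listener off 5789 at the cost of more noise from shared hosting.
    """
    hits: List[Tuple[str, str]] = []
    for line in lines:
        if not line or line.startswith("#"):
            continue  # header/comment rows
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue  # malformed row, skip rather than crash mid-sweep
        ts, _uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        if resp_h != C2_HOST:
            continue
        if port_sensitive and resp_p != str(C2_PORT):
            continue
        hits.append((ts, orig_h))
    return hits


if __name__ == "__main__":
    print("file digests matched:", match_file(b"not the sample"))
    for ts, host in match_conn_log(SAMPLE_CONN_LOG.splitlines()):
        print(f"{host} contacted {C2_HOST}:{C2_PORT} at {ts}")
```

To run it over real data, read each candidate file's bytes into match_file and pass the open conn.log to match_conn_log; the port-insensitive mode is the one to use once the initial hits are confirmed, since a RAT operator controls the port and the config value can go stale. SSDEEP is deliberately left out because it needs a third-party binding, and the SHA512 is omitted only for brevity; both can be added to SAMPLE_HASHES the same way.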
Targets
Target: document_viewer.exe
Signatures
- Async RAT payload: the sample is recognised as an AsyncRAT-family client, consistent with the extracted Venom RAT configuration.
- Checks computer location settings: looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence so the payload behaves differently, or not at all, outside the intended region. A sandbox whose locale does not match the target region may therefore record less than the full behaviour.
- Suspicious use of SetThreadContext: rewriting a thread's register context is how process hollowing and similar injection redirect a suspended thread to attacker-supplied code. When hunting, pair this with process creation in the suspended state and WriteProcessMemory activity originating from document_viewer.exe, and check which process actually holds the C2 connection, since it may not be the original executable.