General
Target: 35330f1bbbc0f361845b9b987e2f4ac70cdb96ab3f9e80161c2b8971c7df0df4
Size: 354KB
Sample: 230227-vzv89seh37
MD5: 91a442b21fb353b221ea33e767c7fe1b
SHA1: e58e0d08ebdc5e91f43631b339c573a732c07056
SHA256: 35330f1bbbc0f361845b9b987e2f4ac70cdb96ab3f9e80161c2b8971c7df0df4
SHA512: 262ef3d9577dacde7ad613fe858073b347d21a553961c63f6f64c9dd593fc610dc2bb04ab84b6cf2a4c9347e3795d825690bdb412d19e89fe380da5bd4009f58
SSDEEP: 6144:ozh88dY9m16JNcxnDggHNrRP5fw2fTt+iMaNOSm3lVVCT4kH/7zppTR:o18fCcaxdPhHTANaYSIlHCT4k/9
Static task: static1
Behavioral task: behavioral1
Sample: 35330f1bbbc0f361845b9b987e2f4ac70cdb96ab3f9e80161c2b8971c7df0df4.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.1
Botnet: Default
C2: 127.0.0.1:4449
C2: 91.134.187.20:4449
Mutex: mhtuxtjimxsu
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 35330f1bbbc0f361845b9b987e2f4ac70cdb96ab3f9e80161c2b8971c7df0df4
Size: 354KB
MD5: 91a442b21fb353b221ea33e767c7fe1b
SHA1: e58e0d08ebdc5e91f43631b339c573a732c07056
SHA256: 35330f1bbbc0f361845b9b987e2f4ac70cdb96ab3f9e80161c2b8971c7df0df4
SHA512: 262ef3d9577dacde7ad613fe858073b347d21a553961c63f6f64c9dd593fc610dc2bb04ab84b6cf2a4c9347e3795d825690bdb412d19e89fe380da5bd4009f58
SSDEEP: 6144:ozh88dY9m16JNcxnDggHNrRP5fw2fTt+iMaNOSm3lVVCT4kH/7zppTR:o18fCcaxdPhHTANaYSIlHCT4k/9
Score: 10/10
Signatures:
- Async RAT payload
- Sets service image path in registry
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext