General
- Target: Office.rar
- Size: 5.2MB
- Sample: 230324-qsw5rsgf9s
- MD5: 24fd1c1c16a63edc5e2402021a140e9e
- SHA1: 4ad1124ab2010b776e2cccb9d34ad9bedfde3018
- SHA256: c2e2c6bb6fcfc0c7cb5e431aa864ef254d1a5da2dfc3404e57c2fbaffd4b03fe
- SHA512: 53164193d1d28780f71c502ff8f99766868cc34c95073d678bcb1cc420c98ad07934369cc376d5a4d8985b9739b0395c43cc0c1fad42d5df9711b1204205c561
- SSDEEP: 98304:tXHpnPdiqar27R8IA42/1Ue5SUzXg0+B6oHBIkc7RayoHo74RItLd3u9yXQiORca:NlPsqar27OIF2/UUzXg0+B6+BrclayOP

Static task: static1

Behavioral task: behavioral1
- Sample: Officeexploit.exe
- Resource: win10-20230220-en

Malware Config
Extracted
- asyncrat
- VenomRAT_HVNC 5.0.4
- Venom Clients
- 0.tcp.in.ngrok.io:16536
- ddzucoqijfsxpd
- delay: 0
- install: false
- install_folder: %AppData%

Targets
- Target: Officeexploit.exe
- Size: 6.9MB
- MD5: c862188d5b7ff565649a8910e1de5567
- SHA1: fb2136bbcd0906b1475aa9fcc6b60aa73b1e60c8
- SHA256: e177f76028426973fee6f4da522dc1c3a2b7cc8ee47ba1d3ca9ae5388f415c61
- SHA512: 8d07661c05f19f8773ef3a1aae063374fb7f24425acf45c068d567eaf1afb61a12b3026c8a13f9e24100835f26ccf2871f155d2b1f9b8a121fa9097827aaacde
- SSDEEP: 49152:G2iFjtp/eaXvBINUm0lcMvzDhQozYgCfg85UQn4lK5iTkV8u9HUIWz/OrZHzlcvG:GPjG
- Score: 10/10

- Async RAT payload
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable: AutoIT scripts compiled to PE executables.