General
-
Target
file.exe
-
Size
336KB
-
Sample
230601-x1s7eagd6w
-
MD5
7f5fd6228a8d8edf2c88d1b34cb8c847
-
SHA1
408049adf245bcad778add0903c6803a4d691d3f
-
SHA256
2869fbcf083c03c7cd55e45661f6df089fdf169b1719d5052a52e2e386bf3a6d
-
SHA512
4ec90147cdace22b9a14d776fe28837994689553aeef682597a4e218a44ca68a0227131987ed28f6458ca6ba478f2e1f39785f99c98154a301a5affb37a755ab
-
SSDEEP
6144:DT9zpYsT9/xBDwYQJkaLVo/DtBI6C39gMGHQuwDBOknXcMbE+:DYsZ/bxQJDVODtBtOgOuYO8Xb
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.1
Default
vrmctetyuyojxzjvffl
-
delay
1
-
install
false
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/WD485ntt
Targets
-
-
Target
file.exe
-
Size
336KB
-
MD5
7f5fd6228a8d8edf2c88d1b34cb8c847
-
SHA1
408049adf245bcad778add0903c6803a4d691d3f
-
SHA256
2869fbcf083c03c7cd55e45661f6df089fdf169b1719d5052a52e2e386bf3a6d
-
SHA512
4ec90147cdace22b9a14d776fe28837994689553aeef682597a4e218a44ca68a0227131987ed28f6458ca6ba478f2e1f39785f99c98154a301a5affb37a755ab
-
SSDEEP
6144:DT9zpYsT9/xBDwYQJkaLVo/DtBI6C39gMGHQuwDBOknXcMbE+:DYsZ/bxQJDVODtBtOgOuYO8Xb
-
Async RAT payload
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-