General
Target: ac39761fb97690a8d3a9a664b482a1e966359c1cc4986c62563fc2daf6a857d3
Size: 451KB
Sample: 230817-v1mnhsch4v
MD5: 3165e5045b93dd77931c69b373226483
SHA1: c4652b4087ef45c0ff18f7f01922905bdeb0ffe7
SHA256: ac39761fb97690a8d3a9a664b482a1e966359c1cc4986c62563fc2daf6a857d3
SHA512: 07e9821f3ae56b32d6ba6fed9db634c9f5041d2f5c3279f9596dbdb38d8e2d77c8a42a078ef527c8bf87a528fe6f66947098280e2c8d1e8dba5539a8a26e99de
SSDEEP: 6144:XtCdfR0ef6CJsxLKuV8bsdGy9dtHgAE/iSpRS1QxBJsXJnFtjS:X8dfR0efhOdVxYyxHgn/S1cSw
Static task: static1
Behavioral task: behavioral1
Sample: ac39761fb97690a8d3a9a664b482a1e966359c1cc4986c62563fc2daf6a857d3.exe
Resource: win10-20230703-en
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.1
Group: Default
C2: 185.106.94.122:4449
Mutex: nrasbnbyxirll
delay: 1
install: false
install_folder: %AppData%
Targets
Target: ac39761fb97690a8d3a9a664b482a1e966359c1cc4986c62563fc2daf6a857d3
Score: 10/10
- Modifies WinLogon for persistence
- StormKitty payload
- Async RAT payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext