Behavioral task
behavioral1
Sample
1884-371-0x0000000000580000-0x0000000000598000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1884-371-0x0000000000580000-0x0000000000598000-memory.exe
Resource
win10v2004-20231023-en
General
-
Target
1884-371-0x0000000000580000-0x0000000000598000-memory.dmp
-
Size
96KB
-
MD5
8e3d0d7621dc875b8e55c1839526b8fc
-
SHA1
f1bda18d50bc6218af3761754cc48ccb2a4196af
-
SHA256
0044443edd7560894c614a19d02b6994fa1541a8033d4a017262f01d33273c43
-
SHA512
827dd8e210233eadc5e0ee6575b53017211bb24595b950f2c0d7c1f3cd927e91bcb52e9af64faf6aafe195dc7da3ce60adf812ba8869b77927d996232f7cb007
-
SSDEEP
1536:PhUZAcxjVLcoCJPPMVOe9VdQuDI6H1bf/GDXQzcG7VclN:pUWcxjVLLCPPMVOe9VdQsH1bfqXQvxY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
89.23.100.93:4449
oonrejgwedvxwse
-
delay
1
-
install
true
-
install_file
calc.exe
-
install_folder
%AppData%
Signatures
Files
-
1884-371-0x0000000000580000-0x0000000000598000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ