General
- Target: 12313131.exe
- Size: 63KB
- Sample: 231113-zlkb3afe27
- MD5: cd201d62dcef88f870d3738947c27a92
- SHA1: 8a2e40a265be4b66975c607572efcd79b366fb14
- SHA256: 8c6729592cc5f22b14d30c82fd21dd415b1c044b8c3b28d15a2ac19568fb40dd
- SHA512: a98a9d8ca9797f7748fd59085033bc8465ed4fce512ef7077418a007fca0a028a9cc72a7aac1b132d96032c9ecb03534d9af36ef46bbd6991c760fb5fac26f1c
- SSDEEP: 1536:khIBLTM3Ufc0cMd2bkGGbbTwuHCGqDpqKmY7:khIBLTM3Ufc6d2pGbbTp4gz
Behavioral task
behavioral1
- Sample: 12313131.exe
- Resource: win7-20231020-en
Malware Config
Extracted
- Family: asyncrat
- Version: 5.0.5
- Venom Clients: agent-thumbnail.gl.at.ply.gg:21402
- Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: 12313131.exe
- Async RAT payload
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Account Manipulation (1)
- Create or Modify System Process (1)
- Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Account Manipulation (1)
- Create or Modify System Process (1)
- Windows Service (1)