General
-
Target
Cheto Cracked @RFREE.exe
-
Size
1.1MB
-
Sample
231114-w7twvach42
-
MD5
5f648871239d1c45baef196edf36b4af
-
SHA1
bc7765059fd8d9c921ec3ace34d8b9c90db92d77
-
SHA256
cd13acc777fcf8260bee6ac66b912bbbe12f5e1c695e34bc481d75d96c1c9662
-
SHA512
74d5f9334d8513e251e744838e381b15eb4045d4594fce467c835aa1d0e1e6489790a495f80c683786fc92291733b6f926f6e079145bb55ee5f6881c18e1fb3d
-
SSDEEP
24576:vWOwFEdY2t+YKgHZENB8SWySm3uOywWgtaQUUlq/:uTWdYBaE78WSm3uBwhlq
Static task
static1
Behavioral task
behavioral1
Sample
Cheto Cracked @RFREE.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
asyncrat
5.0.5
Venom Clients
xdatarfree.ddns.net:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Cheto Cracked @RFREE.exe
-
Score
10/10
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-