General
- Target: hey.exe
- Size: 33KB
- Sample: 240117-ntgelafba9
- MD5: f8b17fa3bc1c5e815d843869b7fd9c04
- SHA1: 2c06449f3800cfe70895e6068b828861aaca78f3
- SHA256: 4d3d9f280ede6495587dd0550031a76654024c28292ff26cb73953f63ddadb13
- SHA512: 289d9535488edba8cb2a2b170d40552d4482dac6e26c6d64689ef53956dfb3f2a8e8bbd03a5bad9efa36fbd9954f25ec62955d40e392db929845974886efd3f1
- SSDEEP: 384:xkXYJD5aKS/Xd4T/p5g/z5EKnrYJGNqo99ayZocpMQiW4zmkZXOfq1GK2NkLphi3:x4KUgg/z5vnEMsonUXbOfq1+kaZdN
Static task: static1
Behavioral task: behavioral1
- Sample: hey.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- Family: asyncrat
- Version: Venom Pwn3rzs' Edtition v6.0.1
- Botnet: Default
- C2: 194.33.191.245:2405
- Mutex: ucglovygcuqcsabs
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: hey.exe
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.