Analysis
max time kernel: 1200s
max time network: 1207s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 21/01/2024, 16:21
Behavioral task: behavioral1
Sample: 28add650000.exe
Resource: win10-20231215-en
5 signatures, 1200 seconds

Behavioral task: behavioral2
Sample: 28add650000.exe
Resource: win10v2004-20231215-en
5 signatures, 1200 seconds
General
Target: 28add650000.exe
Size: 76KB
MD5: bed58dec24567f2db0facb34aae9746d
SHA1: 4fad95ee6c482ad23f778f87b78ac0ed9f3738dd
SHA256: 087cd98565ba0bb9689db91c94e4203f2a7e594e67af3580f08cf47ac9d78b41
SHA512: f9f7fb3a9ac92bb7bcaf69ef32291f02fc5dc2241acd7f265c86921bd4d15e8c3d71b868b560812269cf3828957bdbc40144205733dcaebcbbf30fa9bf550984
SSDEEP: 1536:4UUPcxVteCW7PMVQe8BegWIeH1bJ/VDQzcaLVclN:4UmcxV4x7PMVt8VuH1bJVQLBY
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 67.205.154.243:4431
Mutex: wuhjwqibozr
Attributes:
delay: 1
install: false
install_folder: %AppData%
aes.plain
Signatures
Async RAT payload (1 IoC)
resource: behavioral1/memory/1552-0-0x00000000008C0000-0x00000000008D8000-memory.dmp, yara_rule: asyncrat
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid 1552, process 28add650000.exe (all 64 IoCs share this pid and process)
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege, pid 1552, process 28add650000.exe
Suspicious use of SetWindowsHookEx (1 IoC)
pid 1552, process 28add650000.exe