Behavioral task
behavioral1
Sample
2444-200-0x0000000000BC0000-0x0000000000BD8000-memory.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2444-200-0x0000000000BC0000-0x0000000000BD8000-memory.exe
Resource
win10v2004-20231215-en
General
Target
2444-200-0x0000000000BC0000-0x0000000000BD8000-memory.dmp
Size
96KB
MD5
e10d9ccba2137c46954bbc8dadd376b9
SHA1
f9f208d3fbd93f654883d3a70451a91a176b6914
SHA256
84a6d93e448ba0deb6b78792cd98f1d978430693be39be1f7e74f82a67d90f60
SHA512
6cd1509b65219ee1049ffcedbd85b1cc5a35b83ff5b4143e9f38ee4ef37c20dcf16b2a16b6264bd3e253b45e80ba66fe5c8a26cb9bcf08a3ae97b849631aa51e
SSDEEP
1536:KaUqAcxVMW7eTmJ9rxjJTkdK4WaxHdSzPMwy/eqmmRhdWVH1bfbCeZkwzUIbVclN:KaUTcxVMW7eiJ9rxjJTkdK4WaP0PMwh6
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Exodus
91.92.255.187:4449
ypyertvpyqfr
delay
1
install
true
install_file
chromeupdate.exe
install_folder
%AppData%
Signatures
Files
2444-200-0x0000000000BC0000-0x0000000000BD8000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ