General
- Target: gf.exe
- Size: 63KB
- Sample: 240124-sgsz3sdbh6
- MD5: d82e9c12d9548d1acd3be6d715d7e19e
- SHA1: df382e180890ba08ce00bc7eff46370a40e91c22
- SHA256: 370e164fc6451e82e42ca5cdd39b30d50cd4b4c6b8f25c17a2edfeb362330d8a
- SHA512: ed18c791ff99602a21dd8f9a54a6b66757029ec36f25df27d93f79dd3572e8391d61fae95eb33d449b6cf8cccf1b1e83d2bdcf92e11a281668d766dd4efcdf9c
- SSDEEP: 1536:Wvw4ZBAbazxvutlT+GbbSwLKd4mSGuDpqKmY7:WvhIaz1KQGbbSiKdB8gz
Behavioral task: behavioral1
- Sample: gf.exe
- Resource: win10v2004-20231222-en
Behavioral task: behavioral2
- Sample: gf.exe
- Resource: win11-20231215-en
Malware Config
Extracted: asyncrat
- Version: 5.0.5
- Botnet: Venom Clients
- C2: 127.0.0.1:42474
- C2: 176.150.69.221:42474
- Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
- delay: 1
- install: true
- install_file: aaaaaaaaaaaaaaaaaaaaaa.exe
- install_folder: %AppData%
Targets
- Target: gf.exe
- Size: 63KB
- MD5: d82e9c12d9548d1acd3be6d715d7e19e
- SHA1: df382e180890ba08ce00bc7eff46370a40e91c22
- SHA256: 370e164fc6451e82e42ca5cdd39b30d50cd4b4c6b8f25c17a2edfeb362330d8a
- SHA512: ed18c791ff99602a21dd8f9a54a6b66757029ec36f25df27d93f79dd3572e8391d61fae95eb33d449b6cf8cccf1b1e83d2bdcf92e11a281668d766dd4efcdf9c
- SSDEEP: 1536:Wvw4ZBAbazxvutlT+GbbSwLKd4mSGuDpqKmY7:WvhIaz1KQGbbSiKdB8gz
Score: 10/10
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE