Analysis

max time kernel: 141s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/01/2024, 16:32

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
Resource: win7-20231215-en
5 signatures
150 seconds
General

Target: SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
Size: 204KB
MD5: 88f9483fc5ae7c415d9618257bfbe596
SHA1: 353a0c7ed018cb4b71aa7984fa9bfd448bf9a77c
SHA256: feffae70bbd8a147e747b2cd75cba2415163f4158dc94b77f83a4844f95ccb4a
SHA512: 2c04d9f8b83eda824a2db4e959157613e30a5df40596b14bc6e003c2c63cb322fe16ad035f613bffa0039adbe8119879743cab2b9ccc19b8fe8a54995457cb2d
SSDEEP: 3072:UOOlv2ybjwoyCZi5axnb9cNqCJ+dIQN8MoVvgXLiWzK77dDFaPedxLgoGLMfx7c:vOlv295qbUvgXLij77thx8lLMK
Malware Config

Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 212.118.52.86:4449
Mutex: cwntqnxqwxlfgvwc
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
aes.plain
Signatures

Async RAT payload (1 IoC)
resource | yara_rule
behavioral2/memory/4324-0-0x0000000002050000-0x0000000002068000-memory.dmp | asyncrat

Suspicious behavior: EnumeratesProcesses (7 IoCs)
pid | Process
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe

Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
4324 | SecuriteInfo.com.Win32.Evo-gen.5784.16655.exe