Behavioral task
behavioral1
Sample
bc6005c0a53f37d259323fd3aeb2682b914050f20409fcfd21da5b31474a908b.exe
Resource
win10-20240214-en
General
-
Target
infected.zip
-
Size
36KB
-
MD5
5508e890a2e549cb98cff98adf82b100
-
SHA1
d747d2055afd511608bf20312e42e5f4cf65720d
-
SHA256
f8590e30885a7ab138613a0747d69830715d6f4d656274cf0a613f56741a9f0a
-
SHA512
bd069aecf332c2811bdd764ee6458d1aaf7fc4cdfcec7c0cb84df63d91f69ab1203c6920b37766270fbe9b3b5662d3393c7165355bc8e7d8484aa6d31c99eef5
-
SSDEEP
768:M0pyEf/rt/JTTzRIxneYVQQ4cSvp2PwpGlivR2aqS3TKmmUwIR:bUE7fxIgQQB/vqlliJ229sm
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
171.233.98.70:18274
csnsaqugsusbtz
-
delay
1
-
install
true
-
install_file
Registry.exe
-
install_folder
%AppData%
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule static1/unpack001/bc6005c0a53f37d259323fd3aeb2682b914050f20409fcfd21da5b31474a908b family_asyncrat -
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/bc6005c0a53f37d259323fd3aeb2682b914050f20409fcfd21da5b31474a908b
Files
-
infected.zip.zip
Password: infected
-
bc6005c0a53f37d259323fd3aeb2682b914050f20409fcfd21da5b31474a908b.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ