General
Target: b7491f105a9624be5fec6a46e6932074730758bba75a6a7f74ea3e9b4d92eccb
Size: 63KB
Sample: 240404-a8sjhshg9w
MD5: 4f9f63fc9e0ac76188596bb2efd3b033
SHA1: cde6775e15f73eb512f50ee824550fd64400e1cf
SHA256: b7491f105a9624be5fec6a46e6932074730758bba75a6a7f74ea3e9b4d92eccb
SHA512: cfeb52790f20cc558753b473c02647c6fd7635a302e0481d9d412f5029b2100f834b8c6d3f62baffcfdaeed3e5b40011cc730c6fd0f76f6ac58ae1a5a62f70ba
SSDEEP: 1536:4ZeNjfU/cNRPZNg/p6eeiIVrGbbXwuYGCDpqKmY7:4ZeNjfU/clCpDeXGbbXogz
Behavioral task: behavioral1
Sample: b7491f105a9624be5fec6a46e6932074730758bba75a6a7f74ea3e9b4d92eccb.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b7491f105a9624be5fec6a46e6932074730758bba75a6a7f74ea3e9b4d92eccb.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: asyncrat 5.0.5
Venom Clients: 127.0.0.1:4449
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: true
install_file: SVCHOSTER.exe
install_folder: %AppData%
Targets
Target: b7491f105a9624be5fec6a46e6932074730758bba75a6a7f74ea3e9b4d92eccb
Size: 63KB
MD5: 4f9f63fc9e0ac76188596bb2efd3b033
SHA1: cde6775e15f73eb512f50ee824550fd64400e1cf
SHA256: b7491f105a9624be5fec6a46e6932074730758bba75a6a7f74ea3e9b4d92eccb
SHA512: cfeb52790f20cc558753b473c02647c6fd7635a302e0481d9d412f5029b2100f834b8c6d3f62baffcfdaeed3e5b40011cc730c6fd0f76f6ac58ae1a5a62f70ba
SSDEEP: 1536:4ZeNjfU/cNRPZNg/p6eeiIVrGbbXwuYGCDpqKmY7:4ZeNjfU/clCpDeXGbbXogz
Score: 10/10
- Async RAT payload
- Detects executables attempting to enumerate video devices using WMI
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE