Analysis

max time kernel: 126s
max time network: 114s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-04-2024 07:12
General

Target: Client.exe
Size: 73KB
MD5: 336cd29221ecc835bcbf353ccae805c0
SHA1: 0bbe68fa5feb19e429a8241eb4e8cb27a6d22a89
SHA256: 0c48eda9bbbac547e4b4c17fdd2fa685695e5d20c5b0c1582e8e08879540780b
SHA512: 45466e3bfa81a9e8c61dd55a26735e3eef927fa641e21a515e8f6fda4d9ea9be530ce2dbd82f05fbcc1a476d88b03a9d5539c753c1f1c37b5207f5f20d3cd737
SSDEEP: 1536:qUN0cxVGlCBiPMVye9VdQkhDIyH1bf/MDJQzc33VclN:qU2cxVMWiPMVye9VdQgH1bfUDJQylY
Malware Config

Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 127.0.0.1:4449, 127.0.0.144:4449, 5.12.198.225:4449
Mutex: fmvoxzfzoacbja
delay: 1
install: false
install_folder: %AppData%
Signatures

Suspicious behavior: EnumeratesProcesses (32 IoCs)
  pid   Process
  2220  Client.exe   (all 32 IoCs are this same pid/process pair)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  2220  Client.exe
  Token: SeDebugPrivilege  860   Client.exe
  Token: SeDebugPrivilege  4668  Client.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  2220  Client.exe
Processes

C:\Users\Admin\AppData\Local\Temp\Client.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Client.exe"
  PID: 2220
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2336

C:\Users\Admin\AppData\Local\Temp\Client.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Client.exe"
  PID: 860
  - Suspicious use of AdjustPrivilegeToken

C:\Users\Admin\AppData\Local\Temp\Client.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Client.exe"
  PID: 4668
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1KB
MD5: baf55b95da4a601229647f25dad12878
SHA1: abc16954ebfd213733c4493fc1910164d825cac8
SHA256: ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA512: 24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Filesize: 8B
MD5: cf759e4c5f14fe3eec41b87ed756cea8
SHA1: c27c796bb3c2fac929359563676f4ba1ffada1f5
SHA256: c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761
SHA512: c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b