General
Target: Cliweent.exe
Size: 73KB
MD5: 77f532ac803bd6fe3004117770fbaad1
SHA1: f5274da498656c1fb2b446aaec152a9a9567a6e2
SHA256: 36d244efe3e391bbf9a80a0d683291d791142f2e9d9846c0e69c331cf888aed6
SHA512: 2812ae69c7f6a030aa867e743aa100237fef256e3dc1dfcb8c588e7b3b97fbf339a46222b82e1d946fa62d6cee4182388a003f88fa4626d26035d6f105156860
SSDEEP: 1536:KUN0cxVGlCBiPMVbbadaIxH1b3/PFQzc33VclN:KU2cxVMWiPMV3azH1b3lQSlY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
127.0.0.1:4449
127.0.0.144:4449
5.12.198.225:4449
192.168.1.10:4449
fmvoxzfzoacbja
delay: 1
install: false
install_folder: %AppData%
Signatures
Asyncrat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: Cliweent.exe
Files
Cliweent.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ