Analysis
- max time kernel: 135s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-04-2024 07:18
General
- Target: Cliqwewqweqweqweqweent.exe
- Size: 74KB
- MD5: a7d18e77700af37a57ad826336d00083
- SHA1: 3a136dd7d049a130016203b16b8f483ebe018e63
- SHA256: f640f6e687e9ecf5ab4aa8f69751ab6256c6c46facca15f6be9b48b4295af416
- SHA512: 51767ab6024db996f6d136a471cc1d07cb97753eed30d680c15a7cfb743326e39a6b10eeb3fa69e32b9b18392238078b4532840ea7134869560bc176bd3ef2b2
- SSDEEP: 1536:kUXkcxVKpC6yPMVtKFJ8IfH1b3/yrBQzcYxLVclN:kU0cxVENyPMVtKFHH1b3gQNxBY
Malware Config
Extracted
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- C2:
  - 127.0.0.1:4449
  - 127.0.0.144:4449
  - 5.12.198.225:4449
  - 192.168.1.10:4449
- Mutex: krhlvmqdxsmdeutrp
- Attributes:
  - delay: 1
  - install: false
  - install_folder: %AppData%
- aes.plain
Signatures
- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid Process: 2084 Cliqwewqweqweqweqweent.exe (the same pid/process entry is listed for each of the 16 IoCs)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description pid Process: Token: SeDebugPrivilege 2084 Cliqwewqweqweqweqweent.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid Process: 2084 Cliqwewqweqweqweqweent.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Cliqwewqweqweqweqweent.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Cliqwewqweqweqweqweent.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3888,i,6862816582779850255,3437582573780299282,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
  PID: 2192