General
-
Target
Clientfor triage.exe
-
Size
74KB
-
Sample
240417-wyr1wshh73
-
MD5
df7dfc7f1ca5217aa7fa6c5fa6de3d14
-
SHA1
2ba55b118b80361989f879bf85b83ef1beccba54
-
SHA256
936d1f245521d1bb692693036b4a4e8f5942768fd0faecbe6fe0d288f0d6fd50
-
SHA512
c989eca51d23f719875ad7a871ce4f037c01ab275dc9e1b83a11a83dcac71e4bd63d6c5fa884fbcc9fb18bdaa006376fb41310deffda7873f8c6726059924619
-
SSDEEP
1536:2Ume0cxFVTuCGbPMVoKEV9kIQ71bI/8VQzc2LVclN:2Um3cxFVaBbPMVvEVs71bI0VQPBY
Behavioral task
behavioral1
Sample
Clientfor triage.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
94.156.8.65:8080
asd
-
delay
1
-
install
true
-
install_file
asd.exe
-
install_folder
%AppData%
Targets
-
-
Target
Clientfor triage.exe
-
Size
74KB
-
MD5
df7dfc7f1ca5217aa7fa6c5fa6de3d14
-
SHA1
2ba55b118b80361989f879bf85b83ef1beccba54
-
SHA256
936d1f245521d1bb692693036b4a4e8f5942768fd0faecbe6fe0d288f0d6fd50
-
SHA512
c989eca51d23f719875ad7a871ce4f037c01ab275dc9e1b83a11a83dcac71e4bd63d6c5fa884fbcc9fb18bdaa006376fb41310deffda7873f8c6726059924619
-
SSDEEP
1536:2Ume0cxFVTuCGbPMVoKEV9kIQ71bI/8VQzc2LVclN:2Um3cxFVaBbPMVvEVs71bI0VQPBY
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-