General
Target: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54.exe
Size: 75KB
Sample: 240418-bgdrqafh31
MD5: a7d63348cfe9b0dc9d3aaec28c76c8f0
SHA1: 1b993f554960286e90cfd7cedf4c457e1c46ff80
SHA256: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54
SHA512: 3910836ccae023d562c66bfd754b0d1e3aadc4c1cbf57e96e8220c1de6534a529ec3630d595a7baba7c56ca503b6ce6d012b9c388b9f896f2a0a8be317ca5010
SSDEEP: 1536:XXkUaUdXCfRPMRkGWsrT/NGH1ba/KOjybwokzkHLVclN:XUUTNWPMRkGUH1baP+tkWBY
Behavioral task: behavioral1
Sample: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54.exe
Resource: win7-20240221-en
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
hoyqzolrquxmbnzaee
delay: 1
install: true
install_file: system.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/ckrnc4Uk
Extracted: http://xcu.exgaming.click
Extracted: http://xcu5.exgaming.click
Targets
Target: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54.exe
Size: 75KB
- Async RAT payload
- Detects executables attempting to enumerate video devices using WMI
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2