General
-
Target
hta.hta
-
Size
12KB
-
Sample
240420-rc9atsah2s
-
MD5
c4c06bc09d5d07d8abdb074e80806d07
-
SHA1
fd49f1d6c2fb26415c90b9e352b288f16e169b6c
-
SHA256
c5010ef902c9a8421aaf07a4ac475667c0b2ddae0b2d4c2f4c28aa7b7f482b3d
-
SHA512
6a8eb776b68d500645b1b4bbc4440e8e24e6f8340e3fe560ae96b8c127b26bd3a678782306e4b049aa9d4a1fc120f782307ac2ae166c84bcf73cffcd451a0626
-
SSDEEP
384:yCG1ce3Nf2/B8L0L2/B8eNnCOHk2/B8ZNUNTBbuq80Kuhv+K0NuG8QS2Va2XKFVq:KuJvVCBy
Static task
static1
Behavioral task
behavioral1
Sample
hta.hta
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
193.222.96.128:4449
nkvohxapain
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
hta.hta
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-