General
Target: erwer.exe
Size: 63KB
Sample: 240427-mym79shf4t
MD5: f37b2278ca7f7064cb00956fa2dfc9c0
SHA1: a70187d714d5dcfbdaa67fbb789452e63e433812
SHA256: 7c680a2e8e309a90a18ec45b16af3514ecbe43d761968c6c94d76144fcba9b79
SHA512: 8b88b80126a86c3433c2a9f04999b0c90835ef955a1a50271d6164468585038e92716066e660915e8668a703d5029d6546d8d90bab6341a1cc4ff508b39f76b4
SSDEEP: 1536:shBxLDlw0eEUzsUtjTk0vfTwrGbb/wChxGCDpqKmY7:shBxLDlw0dUvtjTk0XTaGbb/Rhhgz
Behavioral tasks
behavioral1: erwer.exe, run on win7-20240221-en
behavioral2: erwer.exe, run on win10v2004-20240419-en
Malware Config
Extracted
Family: asyncrat
Version: 5.0.5
Botnet: Venom Clients
C2: 127.0.0.1:4449
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
Attributes
delay: 1
install: true
install_file: hthtrth.exe
install_folder: %AppData%

Note: the only configured C2 is the loopback address 127.0.0.1, so this build can only reach a server running on the infected host itself; treat the endpoint as a test or builder-default value rather than as a network indicator. The botnet name and mutex are the stock values of the VenomRAT fork of AsyncRAT, which is why the extractor reports the family as asyncrat. With install set to true the sample copies itself to %AppData%\hthtrth.exe and launches that copy, which is what the Executes dropped EXE signature under Targets reflects; the dropped path and the mutex are the host indicators worth hunting for.
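Two things an analyst does with a report like this before touching the sample: confirm the local copy really is the file the report describes, and turn the extracted config into indicators. The following Python is an added example, not part of the sandbox report; the REPORT_* values are copied from the report above, the persistence locations are taken from the open-source AsyncRAT client rather than from this report, and the bytes fed to the demo at the bottom are a constructed stand-in, not the real erwer.exe.

```python
"""Hash verification and indicator derivation for the erwer.exe report.
Added example; REPORT_* values are copied from the report, the sample bytes
used in the demo are constructed and are NOT the real file."""
import hashlib
import ipaddress

# Digests listed in the report's General section.
REPORT_HASHES = {
    "md5": "f37b2278ca7f7064cb00956fa2dfc9c0",
    "sha1": "a70187d714d5dcfbdaa67fbb789452e63e433812",
    "sha256": "7c680a2e8e309a90a18ec45b16af3514ecbe43d761968c6c94d76144fcba9b79",
    "sha512": "8b88b80126a86c3433c2a9f04999b0c90835ef955a1a50271d6164468585038e"
              "92716066e660915e8668a703d5029d6546d8d90bab6341a1cc4ff508b39f76b4",
}

# Extracted AsyncRAT config from the report's Malware Config section.
REPORT_CONFIG = {
    "family": "asyncrat",
    "version": "5.0.5",
    "botnet": "Venom Clients",
    "c2": ["127.0.0.1:4449"],
    "mutex": "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC",
    "delay": 1,
    "install": True,
    "install_file": "hthtrth.exe",
    "install_folder": "%AppData%",
}


def digest_all(data: bytes) -> dict:
    """One pass over the bytes, producing all four digests the report lists."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of digests that disagree with `expected`; [] means the bytes match."""
    actual = digest_all(data)
    return sorted(name for name, want in expected.items()
                  if actual[name] != want.lower())


def classify_c2(endpoint: str) -> dict:
    """Split 'host:port' and say whether a victim could reach the host at all."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")            # tolerate bracketed IPv6 literals
    out = {"host": host, "port": int(port), "kind": "hostname",
           "reachable_offhost": True}
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return out                     # a domain name: DNS decides at run time
    if ip.is_loopback:                 # check before is_private, which also covers 127/8
        out["kind"], out["reachable_offhost"] = "loopback", False
    elif ip.is_private:
        out["kind"] = "private"        # only reachable on the operator's own LAN
    else:
        out["kind"] = "public"
    return out


def config_indicators(cfg: dict = REPORT_CONFIG) -> dict:
    """Host and network indicators implied by the extracted config."""
    ind = {"mutex": cfg["mutex"],
           "c2": [classify_c2(e) for e in cfg["c2"]],
           "dropped_file": None,
           "persistence": []}
    if cfg["install"]:
        # Keep the %AppData% token unexpanded so it resolves on the Windows host.
        ind["dropped_file"] = cfg["install_folder"] + "\\" + cfg["install_file"]
        # Assumption from the open-source AsyncRAT client, not from this report:
        # with install=true it creates an ONLOGON scheduled task when elevated,
        # otherwise a HKCU Run value, both named after the install file.
        name = cfg["install_file"].rsplit(".", 1)[0]
        ind["persistence"] = [
            "scheduled task named " + name,
            "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value " + name,
        ]
    return ind


if __name__ == "__main__":
    stand_in = b"MZ" + b"\x00" * 100   # constructed bytes, not the real sample
    print("digests that do not match the report:", verify_sample(stand_in))
    for key, value in config_indicators().items():
        print(key, "=", value)
```

Run it against the real file with `verify_sample(open("erwer.exe", "rb").read())` before reproducing the report; an empty list means every digest agrees. For this config `classify_c2` flags the 127.0.0.1 endpoint as loopback, so the network indicator should not go into a blocklist, while the mutex and the %AppData%\hthtrth.exe path are the indicators to sweep hosts for.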
Targets
Target: erwer.exe
Size: 63KB
MD5: f37b2278ca7f7064cb00956fa2dfc9c0
SHA1: a70187d714d5dcfbdaa67fbb789452e63e433812
SHA256: 7c680a2e8e309a90a18ec45b16af3514ecbe43d761968c6c94d76144fcba9b79
SHA512: 8b88b80126a86c3433c2a9f04999b0c90835ef955a1a50271d6164468585038e92716066e660915e8668a703d5029d6546d8d90bab6341a1cc4ff508b39f76b4
SSDEEP: 1536:shBxLDlw0eEUzsUtjTk0vfTwrGbb/wChxGCDpqKmY7:shBxLDlw0dUvtjTk0XTaGbb/Rhhgz
Score: 10/10
Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE