General
- Target: Quotation.exe
- Size: 240KB
- Sample: 240429-lesszafb82
- MD5: 0d7c259c157208ed087de127e9759687
- SHA1: d66ed5ad63438425dd7029a109983125cb9db318
- SHA256: 8259eff22466f7ef35455edda25db31de7334666d4e7bce013c898a3777b4861
- SHA512: 1e73abe780e5cc2c33989302ce482345442e530f33c662fe30fb3dd35f4983d7d84538cba1aff6a4d933cbae3a834eae47b809e69084aacdbb0fce2fef2c6066
- SSDEEP: 3072:BhdhA9UeInbpphsvrlfKuEZCRLDQRULaGpwYuzKZRdp19a/XuJeDP1PBb1oW1:cdE8sCRLDKULa7zKbdn/q+W
Static task: static1
Behavioral task: behavioral1
- Sample: Quotation.exe
- Resource: win7-20240221-en
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
cato
216.250.252.159:50545
swetnesss
- delay: 1
- install: true
- install_file: chrome.axe.exe
- install_folder: %AppData%
Targets
- Target: Quotation.exe
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext