General
Target: 8a6f75426c02db73affeb070b56bebcbfb8769387dfc15f94018ffc1f63d3938.zip
Size: 13.6MB
Sample: 240619-t4xr8aybmr
MD5: cbd5231b3d8bd511ab28c10b0082c126
SHA1: f9764513b8fef61561fbfae0a2c575190bbf136c
SHA256: 8a6f75426c02db73affeb070b56bebcbfb8769387dfc15f94018ffc1f63d3938
SHA512: 8485b591db278395b143d7c2e1bacb177ec67117e779b6065513e9ec714c2d3eeefebeb3b3afcbd6221df3a949afe790e25956f89a3d7431041ab169d32a39cb
SSDEEP: 196608:VfE7Wp1+IZGzaIWCTWOynhtcLNtFC3Azdxg/rXI+TleGqSYNEa7bNL8nXGIFf743:a7frJynHcnswWdPoXfaXT7IfW+
Behavioral tasks
behavioral1: Sample runtime.exe, Resource win7-20231129-en
behavioral2: Sample runtime.exe, Resource win10v2004-20240508-en
behavioral3: Sample win5.exe, Resource win7-20240611-en
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Default
72.5.43.15:4449
yezcydjwbxouz
delay: 1
install: true
install_file: win.exe
install_folder: %AppData%
Targets

Target: runtime.exe
Size: 73KB
MD5: 4fa7b1eec1fc84eb3a13c29e5a37aae7
SHA1: dfff9fceeb4d74d7e82f9f0a65d1889fa0f9e326
SHA256: 5f5aa560b9b2d9f7ea3b9a4e05b9b9b35107dc78bd763000fe05f6b3f998f311
SHA512: 5e36a5589499a3db56d78de1b66a9ee57a2972bc57bf4b915df9118fd2a584c74ba00c61531d922431b72e87f9c53585c4c1a78a2aba122a22ea5e3603aa06ba
SSDEEP: 1536:KIUme0cxdlOH4PAI7Bn3h36rAi8EjZUPMwC/eqmmRhdWVH1bfbfPmjmwzUYbVclN:KIUm3cxdlOH4YI7Bn3h36rAi8EVUPMwv
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

Target: win5.exe
Size: 13.8MB
MD5: 887ee63442c8ee2604ba02d5c5770069
SHA1: 1ed501df3fc3d4d58df2369a9195959b0e875597
SHA256: e47b6c6eff46ef74daad65e7f84d70d1e713de4b6f6dda4be06708d8dae61339
SHA512: c2fa7a25e7ed143ca1185089275c521c2dd26cb9a15b4378caa5111f9c34807486946a6490586498eafbc904ecd3b027e92dbd3f76c855cea0401da69bafedd1
SSDEEP: 196608:gYFgX7miZ0sKYu/PaQqtG7fpDOjmFpMRxtYSHdKiy4kdai7bN3mDRIIBR+CaW5LS:/FDQQYGVKKSphMB3Q1zDvp+
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting