General
Target: 78c12e107561655fed35af72ed4c7400.bin
Size: 22.0MB
Sample: 240620-dzx97a1ann
MD5: db4ce6e3aeb6d6a05acf51cee9e272c2
SHA1: eec142f9b15f7fd33c6d2963c01bdfc59e21c451
SHA256: 6c793eaf5b5b700aeed6cad66aa3bff7499bf8b1815cf09d5a39e2403da5dbfd
SHA512: ef710e27858cc7116c25f796becd63483fff6afe7846f6ed109a1ade80d937510c299b9e4df7e2aad813a901a3169a84b5993c9ad2b1b09ef82d71867e58f2da
SSDEEP: 393216:cIqXL+PhiobrQWZ7oJZrV18/n2su9s4bOlhgFRDu/TU/H9PyKUDlk40DgVQaskoe:cIqXyEobJuJ8/nichmRITU/HJyL0pQoe
Behavioral tasks
behavioral1: sample win7/runtime.exe, resource win7-20231129-en
behavioral2: sample win7/runtime.exe, resource win10v2004-20240611-en
behavioral3: sample win7/win5.exe, resource win7-20240221-en
behavioral4: sample win7/win5.exe, resource win10v2004-20240508-en
behavioral5: sample win7/win6.exe, resource win7-20240220-en
behavioral6: sample win7/win6.exe, resource win10v2004-20240611-en
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Default
72.5.43.15:4449
yezcydjwbxouz
delay: 1
install: true
install_file: win.exe
install_folder: %AppData%
Targets

Target: win7/runtime.exe
Size: 73KB
MD5: 4fa7b1eec1fc84eb3a13c29e5a37aae7
SHA1: dfff9fceeb4d74d7e82f9f0a65d1889fa0f9e326
SHA256: 5f5aa560b9b2d9f7ea3b9a4e05b9b9b35107dc78bd763000fe05f6b3f998f311
SHA512: 5e36a5589499a3db56d78de1b66a9ee57a2972bc57bf4b915df9118fd2a584c74ba00c61531d922431b72e87f9c53585c4c1a78a2aba122a22ea5e3603aa06ba
SSDEEP: 1536:KIUme0cxdlOH4PAI7Bn3h36rAi8EjZUPMwC/eqmmRhdWVH1bfbfPmjmwzUYbVclN:KIUm3cxdlOH4YI7Bn3h36rAi8EVUPMwv
Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

Target: win7/win5.exe
Size: 13.8MB
MD5: 2639068bf1e1de3ccae340e6bee3e548
SHA1: 3eec25d70e72e94085b854a07af032d3e4df7c70
SHA256: d8bbee1d3eee12b9d710cc892d767469578a511a8149ada07a05dfbee89941bf
SHA512: 45ada1b47ab66e2c5f9e9344fd0d2e3b759a738ff4a970138ab8253dd12c55d7fe9cce5a9c3bb23c9c52a7d6d46ff6a0f86381d64bfd19ae8b1b1f222040cb6f
SSDEEP: 196608:ugFgX7miZ0sKYu/PaQqtG7fpDOjmFpMRxtYSHdKiy4kdai7bN3mDRI1p+CbbPlaJ:LFDQQYGVKKSphMB3Q1sDVaJ
Signatures:
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting

Target: win7/win6.exe
Size: 8.5MB
MD5: 54da1e18625df8635098673f7910ef0a
SHA1: a7093de871853b6b2ee0a506dc2e40d56f2b2cea
SHA256: 0ec75e29acf2a905f1061e1c051bd34ef6ba01e216f8cf0f43db983eb0e6d5a4
SHA512: 1d50dc05bd4e74fbf19bf492ba35111af75167d7822ba866e6557b8fa3090795c990b7ce1fa3a88cba9e315b51b8212fa6e32fcd9ffc1514f007f30d8fa2820f
SSDEEP: 196608:3ZpWwkjiVXF4ckmkXnVFPQ/WQ9pQeHSXhLZmftMbjUFrNWk:3FVV41lFPpQ9GdxMftMbjkN5
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.