General
Target: cbd5231b3d8bd511ab28c10b0082c126.bin
Size: 13.6MB
Sample: 240620-ek2jqsxfme
MD5: 6b0f8ec8a67d3fa0d8ef9ceb96e4f817
SHA1: e2cad65dc626623a0a2625545559d64b10200c0b
SHA256: 4100080f2d95ae5c262d029b1406ae5d037ab8a07035a8b9eedadb07071dbb21
SHA512: 623b6806554db7fe2f625e526e532a48683f2462d134385361b2bfbb3dbe46db581a4b92f6ea17446b2099416ad33132732bfeb302dad500b29429a8b2906b25
SSDEEP: 393216:kC0PvF+k0LqKZfks0OwkkpJagOUfL4hESMQM79dEpJ:90PvFKfosgOUz4hE8Ms7
Behavioral tasks
- behavioral1: Sample runtime.exe, Resource win7-20240508-en
- behavioral2: Sample runtime.exe, Resource win10v2004-20240611-en
- behavioral3: Sample win5.exe, Resource win7-20240221-en
Malware Config
Extracted family: asyncrat
(The first four values were unlabelled in the source; the field names below follow the usual AsyncRAT config layout and are an assumption.)
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.2
Botnet: Default
C2: 72.5.43.15:4449
Mutex: yezcydjwbxouz
delay: 1
install: true
install_file: win.exe
install_folder: %AppData%
Targets

Target: runtime.exe
Size: 73KB
MD5: 4fa7b1eec1fc84eb3a13c29e5a37aae7
SHA1: dfff9fceeb4d74d7e82f9f0a65d1889fa0f9e326
SHA256: 5f5aa560b9b2d9f7ea3b9a4e05b9b9b35107dc78bd763000fe05f6b3f998f311
SHA512: 5e36a5589499a3db56d78de1b66a9ee57a2972bc57bf4b915df9118fd2a584c74ba00c61531d922431b72e87f9c53585c4c1a78a2aba122a22ea5e3603aa06ba
SSDEEP: 1536:KIUme0cxdlOH4PAI7Bn3h36rAi8EjZUPMwC/eqmmRhdWVH1bfbfPmjmwzUYbVclN:KIUm3cxdlOH4YI7Bn3h36rAi8EVUPMwv
Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Target: win5.exe
Size: 13.8MB
MD5: 887ee63442c8ee2604ba02d5c5770069
SHA1: 1ed501df3fc3d4d58df2369a9195959b0e875597
SHA256: e47b6c6eff46ef74daad65e7f84d70d1e713de4b6f6dda4be06708d8dae61339
SHA512: c2fa7a25e7ed143ca1185089275c521c2dd26cb9a15b4378caa5111f9c34807486946a6490586498eafbc904ecd3b027e92dbd3f76c855cea0401da69bafedd1
SSDEEP: 196608:gYFgX7miZ0sKYu/PaQqtG7fpDOjmFpMRxtYSHdKiy4kdai7bN3mDRIIBR+CaW5LS:/FDQQYGVKKSphMB3Q1zDvp+
Signatures:
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
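The extracted configuration (C2 72.5.43.15:4449, persistence as %AppData%\win.exe) together with the sample hashes and the "Checks installed software" signature give a small set of host and network indicators. The Python below is an added example, not part of the sandbox report or of any vendor tooling: it matches those indicators against constructed Sysmon-style events (the event records and their field names are assumptions made for this example, not a real schema). Uninstall-key reads are only counted when the reader is the persisted implant itself, because inventory agents and installers read the same key, and a connection to the C2 host on a different port is reported separately from a full host:port match.

```python
import re

# Indicators taken from the report above.
C2_HOST = "72.5.43.15"
C2_PORT = 4449
INSTALL_FOLDER = "%AppData%"
INSTALL_FILE = "win.exe"
KNOWN_SHA256 = {
    "4100080f2d95ae5c262d029b1406ae5d037ab8a07035a8b9eedadb07071dbb21": "cbd5231b3d8bd511ab28c10b0082c126.bin",
    "5f5aa560b9b2d9f7ea3b9a4e05b9b9b35107dc78bd763000fe05f6b3f998f311": "runtime.exe",
    "e47b6c6eff46ef74daad65e7f84d70d1e713de4b6f6dda4be06708d8dae61339": "win5.exe",
}
# Per-machine uninstall entries, i.e. the "Uninstall key" the signature refers to.
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# %AppData% resolves to C:\Users\<user>\AppData\Roaming on modern Windows; the
# user name is unknown, so the install path becomes a regex instead of a literal.
_ENV_PATTERNS = {"%AppData%": r"C:\\Users\\[^\\]+\\AppData\\Roaming"}


def install_path_pattern(folder=INSTALL_FOLDER, filename=INSTALL_FILE):
    """Compile a regex for the implant's on-disk path from the config fields."""
    prefix = _ENV_PATTERNS.get(folder, re.escape(folder))
    return re.compile(prefix + r"\\" + re.escape(filename) + r"$", re.IGNORECASE)


INSTALL_RE = install_path_pattern()


def match_event(ev):
    """Return the indicator names an event matches (empty list if clean)."""
    hits = []
    from_implant = bool(INSTALL_RE.search(ev.get("image", "")))
    if ev["type"] == "process_create":
        if from_implant:
            hits.append("persistence_path_exec")
        digest = ev.get("sha256", "").lower()
        if digest in KNOWN_SHA256:
            hits.append("known_hash:" + KNOWN_SHA256[digest])
    elif ev["type"] == "network_connect":
        if ev.get("dst_ip") == C2_HOST:
            hits.append("c2_connect" if ev.get("dst_port") == C2_PORT else "c2_host_other_port")
    elif ev["type"] == "registry_read":
        # Uninstall-key enumeration is normal for installers and inventory agents;
        # only count it when the reader is the persisted implant.
        if from_implant and ev.get("key", "").lower().startswith(UNINSTALL_KEY.lower()):
            hits.append("software_enum_by_implant")
    return hits


def scan(events):
    """Map the index of each offending event to its matched indicators."""
    findings = {}
    for i, ev in enumerate(events):
        hits = match_event(ev)
        if hits:
            findings[i] = hits
    return findings


# Constructed telemetry for the example (not from the report). The implant path
# and hash come from the config and target sections; the rest is benign noise.
IMPLANT = r"C:\Users\alice\AppData\Roaming\win.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "image": IMPLANT,
     "sha256": "5f5aa560b9b2d9f7ea3b9a4e05b9b9b35107dc78bd763000fe05f6b3f998f311"},
    {"type": "network_connect", "image": IMPLANT, "dst_ip": "72.5.43.15", "dst_port": 4449},
    {"type": "registry_read", "image": IMPLANT,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "registry_read", "image": r"C:\Program Files\Inventory\agent.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "network_connect", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "72.5.43.15", "dst_port": 443},
    {"type": "process_create", "image": r"C:\Program Files\7-Zip\7zFM.exe", "sha256": "0" * 64},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["type"], hits)
```

Running the block flags events 0, 1, 2 and 4: the inventory agent's Uninstall-key read (event 3) and the 7-Zip launch (event 5) stay silent. The hash table is the cheapest and most reliable indicator for this specific sample set, the C2 host:port is the best network pivot while the server is live, and the persistence path is what survives a rebuild of the payload.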