General
-
Target
Our Order Inquiry N1120092018.exe
-
Size
492KB
-
Sample
240627-j4zayatakp
-
MD5
053aac08d444d91ab5fc8aa01dd11e8f
-
SHA1
5a53b00c9d6c138e728888fe2497c109a3b2fe55
-
SHA256
3c0b94f379c5c568f8f3d406b22b642d3fae60094f8dffbf2e24c87c8435e0a6
-
SHA512
25e1c6115dc72cc1ddc4bd1764a3981729ff9205bd033bff86983c5ed669282bad6beddf949561716d6f7769de0341df3046682f51309fd34bfa7f8bc1291e2d
-
SSDEEP
12288:1J24XbCawVXX6yznKlnndQJpDyw6zLeJ4VZxdkR:hwpXPnOdQHB6zLew7A
Static task
static1
Behavioral task
behavioral1
Sample
Our Order Inquiry N1120092018.exe
Resource
win7-20240508-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
194.55.186.155:2424
qncatmcnnrwluo
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Our Order Inquiry N1120092018.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-