Analysis
- max time kernel: 136s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 28-06-2024 19:07
Behavioral task
- task: behavioral1
- sample: Analyzer.exe
- resource: win7-20240611-en
- signatures: 4
- duration: 150 seconds
General
- Target: Analyzer.exe
- Size: 74KB
- MD5: 701666c7ca98109923c95914b465a7f0
- SHA1: 12a865f1b56ba127f6aa897ea2336b6d9bdc4284
- SHA256: 434fc1fcde79cced66c7784f22b1703b41dd77f1800edd7bebe4343f479080d8
- SHA512: 0b6ee5e89d8dfd204daf96152d7d754ed09fb6a64d9095db94a8c1709c8cdaa9435484e9ae7d48e97a70b5ca94d2ecce1b9ce0d8e8614de5f0b0b9f8594cf24b
- SSDEEP: 1536:/Uzkcx4VHsC0SPMV1pDHCIyH1bA/3QzceLVclN:/Uwcx4GfSPMV1pDOH1bAvQ3BY
Malware Config (Extracted)
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- C2: 127.0.0.1:4782, 84.44.148.177:4782
- Mutex: ufnwppwtssgsve
- Attributes:
  - delay: 1
  - install: false
  - install_folder: %AppData%
  - aes.plain
Signatures
- Suspicious behavior: EnumeratesProcesses (15 IoCs)
  Processes: pid 2420 Analyzer.exe (15 occurrences)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: pid 2420 Analyzer.exe, description: Token: SeDebugPrivilege
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: pid 2420 Analyzer.exe