Overview
overview
10Static
static
1026.06.2024...th.dll
windows10-1703-x64
326.06.2024...th.dll
windows7-x64
326.06.2024...th.dll
windows10-2004-x64
326.06.2024...th.dll
windows11-21h2-x64
326.06.2024/DxHax.exe
windows10-1703-x64
1026.06.2024/DxHax.exe
windows7-x64
1026.06.2024/DxHax.exe
windows10-2004-x64
1026.06.2024/DxHax.exe
windows11-21h2-x64
1026.06.2024...et.dll
windows10-1703-x64
126.06.2024...et.dll
windows7-x64
126.06.2024...et.dll
windows10-2004-x64
26.06.2024...et.dll
windows11-21h2-x64
126.06.2024...3b.exe
windows10-1703-x64
1026.06.2024...3b.exe
windows7-x64
1026.06.2024...3b.exe
windows10-2004-x64
1026.06.2024...3b.exe
windows11-21h2-x64
1026.06.2024...ll.cmd
windows10-1703-x64
126.06.2024...ll.cmd
windows7-x64
126.06.2024...ll.cmd
windows10-2004-x64
126.06.2024...ll.cmd
windows11-21h2-x64
1Analysis
-
max time kernel
438s -
max time network
1157s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
03-08-2024 01:30
Behavioral task
behavioral1
Sample
26.06.2024/DxHax.1.month.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
26.06.2024/DxHax.1.month.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral3
Sample
26.06.2024/DxHax.1.month.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
26.06.2024/DxHax.1.month.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
26.06.2024/DxHax.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
26.06.2024/DxHax.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral7
Sample
26.06.2024/DxHax.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
26.06.2024/DxHax.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
26.06.2024/System.Net.dll
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
26.06.2024/System.Net.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral11
Sample
26.06.2024/System.Net.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
26.06.2024/System.Net.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
26.06.2024/ZGsg7Rz25btLV3b.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
26.06.2024/ZGsg7Rz25btLV3b.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral15
Sample
26.06.2024/ZGsg7Rz25btLV3b.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
26.06.2024/ZGsg7Rz25btLV3b.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
26.06.2024/uninstall.cmd
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
26.06.2024/uninstall.cmd
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral19
Sample
26.06.2024/uninstall.cmd
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
26.06.2024/uninstall.cmd
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
26.06.2024/ZGsg7Rz25btLV3b.exe
-
Size
132KB
-
MD5
e28df4004f9463f736761ccfb0afafe7
-
SHA1
9186f568819e064badced9200855707f73d5d52f
-
SHA256
3ad8a28960058545fb48b29ea57470086db2ef75c1006325b6871c8ea5fd81d2
-
SHA512
0e7aa2c42690a9ab4d15fff6aed63b4cbc86c2b2aafdeb2be1d5144f3273496d5dd9e70dc6d95815f59347168d5698553f5fe26fa87f1084604e97e19c4f891b
-
SSDEEP
1536:IUZgwcxiKrCfmPMVYuc0IeH1bF/P3piVQzcCBVclN:IUZ1cxiaUmPMVDccH1bFH32Q/rY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
85.105.15.233:5555
ivccsicmvcuaqdscj
-
delay
1
-
install
true
-
install_file
CTF Loader.exe
-
install_folder
%AppData%
Signatures
-
Suspicious use of AdjustPrivilegeToken 43 IoCs
description pid Process Token: SeDebugPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeIncreaseQuotaPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSecurityPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeTakeOwnershipPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeLoadDriverPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSystemProfilePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSystemtimePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeProfSingleProcessPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeIncBasePriorityPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeCreatePagefilePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeBackupPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeRestorePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeShutdownPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeDebugPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSystemEnvironmentPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeRemoteShutdownPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeUndockPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeManageVolumePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: 33 3140 ZGsg7Rz25btLV3b.exe Token: 34 3140 ZGsg7Rz25btLV3b.exe Token: 35 3140 ZGsg7Rz25btLV3b.exe Token: 36 3140 ZGsg7Rz25btLV3b.exe Token: SeIncreaseQuotaPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSecurityPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeTakeOwnershipPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeLoadDriverPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSystemProfilePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSystemtimePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeProfSingleProcessPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeIncBasePriorityPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeCreatePagefilePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeBackupPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeRestorePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeShutdownPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeDebugPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeSystemEnvironmentPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeRemoteShutdownPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeUndockPrivilege 3140 ZGsg7Rz25btLV3b.exe Token: SeManageVolumePrivilege 3140 ZGsg7Rz25btLV3b.exe Token: 33 3140 ZGsg7Rz25btLV3b.exe Token: 34 3140 ZGsg7Rz25btLV3b.exe Token: 35 3140 ZGsg7Rz25btLV3b.exe Token: 36 3140 ZGsg7Rz25btLV3b.exe