General
-
Target
Shellbag anylizer.exe
-
Size
247KB
-
MD5
851269fc86de5d91e5f2db1b2b34cb6e
-
SHA1
6103dab45c98bddef65b6eed235a60159d458526
-
SHA256
0b7987bd9f7cbee60c4c809f22ecda6f314a0366f0704ed474626ac5f7af3521
-
SHA512
c01c7d2ec52d55ece6f88eeb9c5ecf260ef9b59fd3f08ad42e4ed582b24bd482fcfd334375177b032564f567af6d195f7627249abe1e428f52f6c2806783acfc
-
SSDEEP
6144:/bwmPMVWrVbVPwF9kfK8rpClz0KBb6o589GHWHWujiSPbp:/bw8n5gBuj/PV
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
zedtklncvg
-
delay
1
-
install
true
-
install_file
update.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/f2T8NYnM
Signatures
Files
-
Shellbag anylizer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ