Behavioral task: behavioral1
Sample: b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde.exe
Resource: win7-20240704-en
General
Target: b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde
Size: 74KB
MD5: 6c9944b8a88b29b1b09f66f7e0b246a0
SHA1: d3a0a1dd2908321d2086b236d4a8411f11e6e574
SHA256: b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde
SHA512: 1d129611ec5000a841a462305649afdd6a9ea1c4ccfe790cdde2a1244c5994e349f1ad01ead0f5db4521c98efd8c0b65f16cf9459b9bb57586c227f276a34b56
SSDEEP: 1536:9UHNwcxKHXwzCtmPMV2e9VdQuDI6H1bf/l8wIKQzca7VclN:9UHicxK8WmPMV2e9VdQsH1bfN8eQrxY
Malware Config
Extracted
asyncrat
Default
fkmfvhqhbwrdv
delay: 1
install: true
install_file: 111222.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/LwwcrLg4
Signatures
Async RAT payload 1 IoCs
resource yara_rule sample family_asyncrat
Asyncrat family
resource yara_rule sample VenomRAT
Venomrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde
Files
b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ