Analysis
  max time kernel: 148s
  max time network: 110s
  platform: windows10-2004_x64
  resource: win10v2004-20240802-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 18-08-2024 18:59
Behavioral task: behavioral1
  Sample: bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe
  Resource: win7-20240708-en
  5 signatures
  150 seconds
General
  Target: bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe
  Size: 82KB
  MD5: d6dc30e98f39def9ffd311b49d4779b9
  SHA1: 6a0efc6730b08f86e6f670bf8775abacc925afd0
  SHA256: bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f
  SHA512: 863024c4865abb0e41ffc5c96e61d6cdd5482cd1b3ef94d4abfb5c4951147b03dd109901632bc4646c03356af62c0f62b0b17ea2f1e7a9347882c84d12727a8f
  SSDEEP: 1536:SVUUPcxVteCW7PMVU7zOsMdIfH1b//OxQzct33oLVclN:QUmcxV4x7PMVU7zOsMQH1b/OQQ33oBY
Malware Config (Extracted)
  Family: asyncrat
  Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
  Botnet: Default
  C2: 127.0.0.1:1337
  Mutex: apfvhadmvze
  Attributes:
    delay: 1
    install: false
    install_folder: %AppData%
  aes.plain
Signatures

VenomRAT (yara_rule)
  resource                                                                              yara_rule
  behavioral2/memory/4384-1-0x0000000000AC0000-0x0000000000ADA000-memory.dmp            VenomRAT

Suspicious behavior: EnumeratesProcesses (31 IoCs)
  pid    Process
  4384   bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe
  (all 31 IoCs list this same pid/process pair)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid    Process
  Token: SeDebugPrivilege  4384   bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid    Process
  4384   bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe
Processes
  Path: C:\Users\Admin\AppData\Local\Temp\bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bd2fc790f431289241e4e49edd302bc0e7fb43690378b01489caf191cee9bb8f.exe"
  PID: 4384
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx