Behavioral task: behavioral1
Sample: b8f4ac566b9f8e80a217c4a755fc01edd6d4e26cce05b4d777d44ae123d2da8a.exe
Resource: win7-20240729-en
General
Target: b8f4ac566b9f8e80a217c4a755fc01edd6d4e26cce05b4d777d44ae123d2da8a
Size: 74KB
MD5: 5692fcc767e235760e3afb368543ed44
SHA1: f56ffbee5250aa872e5e2db18bd5a9357e26a2d3
SHA256: b8f4ac566b9f8e80a217c4a755fc01edd6d4e26cce05b4d777d44ae123d2da8a
SHA512: 4b533ad6456bc760bf6840214d675efed7fe59dd31f928118e9e648a53418e1eb8354f0bfb9b202c086c066951155187db1b356041fb7a4efe777f2c608f5a3e
SSDEEP: 1536:gUUPcxVteCW7PMVU7zOsMdIfH1b//8AvOyJ6QzcyLVclN:gUmcxV4x7PMVU7zOsMQH1b/RlIQjBY
Malware Config
Extracted: asyncrat
  Venom RAT + HVNC + Stealer + Grabber v6.0.3
  Default
  127.0.0.1:1337
  05chQ1ux@
  delay: 1
  install: false
  install_folder: %AppData%
Signatures
Async RAT payload (1 IoCs)
  resource: sample, yara_rule: family_asyncrat
Asyncrat family
  resource: sample, yara_rule: VenomRAT
Venomrat family
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: b8f4ac566b9f8e80a217c4a755fc01edd6d4e26cce05b4d777d44ae123d2da8a
Files
b8f4ac566b9f8e80a217c4a755fc01edd6d4e26cce05b4d777d44ae123d2da8a.exe (windows:4 windows x86 arch:x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree: _CorExeMain
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ