General
-
Target
work.exe
-
Size
78KB
-
MD5
361919eb0a12a63d1b3222ae6a75b9fc
-
SHA1
298db490204ed7ac9ef5e4cb748458a310d0b050
-
SHA256
98becbe09e586fad5ca0132b4be237d5958d63d72f74779f23baca7c7e62990c
-
SHA512
931f0531d48a7157077f834374d99bf7dc52fe7042bbeb08e7207b1b911113aa18f91bbb753b389691c86b205069c1297676875113b591ea777fbc6ce8c4d520
-
SSDEEP
1536:JUy8cxxT6hC1bX6PMVcMggrtIHH1bZ8qe3TJQzcW3VclNQ:JUDcxxT8obX6PMV7FwH1bZcDJQ/lY+
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
DontDel
94.232.249.235:4449
94.232.249.235:13001
rzdefgskseo
-
delay
1
-
install
true
-
install_file
Add-MpPreference -ExclusionPath "C:\".exe
-
install_folder
%AppData%
Signatures
-
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource work.exe
Files
-
work.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ