General
Target: 5.exe
Size: 1.8MB
Sample: 240926-r41srsseql
MD5: 8c9c35191068974382d0637e4ef4af43
SHA1: a00ac4856e32c4a836d6ca050ddaf745de8cee61
SHA256: 0f80bb8d09855e63b1c7ee2b16831885827c255e757d73106791d09ec3fd94f1
SHA512: 610502b61500c1ecbeb6539a1b60fd4009b777029233b0a80453ee93ce1b6b286f944a0dc1bbad1665eceb8a33ca6ea2a2e2ca54d0fb4c6745b71ef03fcdb50f
SSDEEP: 49152:n2EYTb8atv1orq+pEiSDTj1VyvBa44yHdBvAnOx30KlhY33lSYHEz/N:2XbIrqabvAn043UYH
Static task: static1
Behavioral task: behavioral1
Sample: 5.exe
Resource: win7-20240704-en
Malware Config
Extracted: https://www.montereal.com.pe/INV3294331887.txt
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
91.92.240.191:4449
91.92.240.191:2025
xpexpmibjcreztb
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 5.exe
- StormKitty payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory