Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-10-2024 13:17

Behavioral task: behavioral1
Sample: eeeeeee.exe
Resource: win7-20240903-en (windows7-x64)
5 signatures
150 seconds
General

Target: eeeeeee.exe
Size: 74KB
MD5: 0e25636a64d8988a2f2a18a7969626d2
SHA1: 524b58b47fd563b37ffc9c363d8c09101cacd2d4
SHA256: 8dc4278083a8db73ad2499dcc55a2a5ce44b5bbfe7c2e4776d61597c9634e645
SHA512: 248187747727b6875ba1df02547fc2c098c8d90615fcf6626f328ce31d183b9c99f779ccd0d25aaef003b89bdf830715786b46c5a543346316ff1b4608d6a6cd
SSDEEP: 1536:3UFAcxehvCw2PMV21ricIMW1bH//giTQzcGLVclN:3U6cxe1/2PMV8ri+W1bH3XTQfBY
Malware Config

Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 88.173.32.153:8081
Mutex: ogjwcholityhqynwcm
Attributes:
  delay: 1
  install: false
  install_file: meme
  install_folder: %AppData%
aes.plain
Signatures

Processes:
resource | yara_rule
behavioral2/memory/4884-1-0x0000000000670000-0x0000000000688000-memory.dmp | VenomRAT

Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes (filter: eeeeeee.exe):
pid | process
4884 | eeeeeee.exe (8 identical rows, one per IoC)

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes (filter: eeeeeee.exe):
description | pid | process
Token: SeDebugPrivilege | 4884 | eeeeeee.exe

Suspicious use of SetWindowsHookEx (1 IoC)
Processes (filter: eeeeeee.exe):
pid | process
4884 | eeeeeee.exe